that is *so* cool. thanks Anthony.
I've modify my controller code to create a form and call accepts():
form = FORM(TEXTAREA(_name='message'), INPUT(_name='email'))
if form.accepts(request.vars, session): etc
and return the form so it's passed to my view
My view is still hand-coded HTML but now I've added
{{=form.hidden_fields()}} to it
sorted.
On 15 July 2011 16:08, Anthony <abasta...@gmail.com> wrote:
> On Friday, July 15, 2011 10:53:55 AM UTC-4, Carl wrote:
>>
>> that's excellent news (and thanks for those links).
>>
>> if I'm defining the HTML of a form in a file in my views/ directory
>> how do I leverage this gatekeeper?
>
> If you're building forms manually in HTML, you'll still have to call
> form.accepts(..., session) in your action in order to have the formkey (a)
> generated prior to form submission and (b) checked against the session upon
> submission. To include the two hidden fields (_formname and _formkey) in
> your manually created form, you can do:
>
> {{=form.hidden_fields()}}
>
>
> Anthony
