that is *so* cool. thanks Anthony. I've modify my controller code to create a form and call accepts(): form = FORM(TEXTAREA(_name='message'), INPUT(_name='email')) if form.accepts(request.vars, session): etc and return the form so it's passed to my view
My view is still hand-coded HTML but now I've added {{=form.hidden_fields()}} to it sorted. On 15 July 2011 16:08, Anthony <abasta...@gmail.com> wrote: > On Friday, July 15, 2011 10:53:55 AM UTC-4, Carl wrote: >> >> that's excellent news (and thanks for those links). >> >> if I'm defining the HTML of a form in a file in my views/ directory >> how do I leverage this gatekeeper? > > If you're building forms manually in HTML, you'll still have to call > form.accepts(..., session) in your action in order to have the formkey (a) > generated prior to form submission and (b) checked against the session upon > submission. To include the two hidden fields (_formname and _formkey) in > your manually created form, you can do: > > {{=form.hidden_fields()}} > > > Anthony