diff options
author | Alexander Sulfrian <alex@spline.inf.fu-berlin.de> | 2014-11-18 05:47:53 +0100 |
---|---|---|
committer | Alexander Sulfrian <alex@spline.inf.fu-berlin.de> | 2014-11-19 02:15:56 +0100 |
commit | b51620eb9502997a2f55a485e55e0e73f6450449 (patch) | |
tree | 437a39393185ae9641112323621a23c32c6388bc /templates/_formhelpers.html | |
parent | bdb756fdc7e8391a786cf9e896ac78400b2d925e (diff) | |
download | padlite-teams-b51620eb9502997a2f55a485e55e0e73f6450449.tar.gz padlite-teams-b51620eb9502997a2f55a485e55e0e73f6450449.tar.bz2 padlite-teams-b51620eb9502997a2f55a485e55e0e73f6450449.zip |
forms: use Form from flask.ext.wtf as base for all forms
Form from flask.ext.wtf has automatic csfr handling included. We need to hide this
form fields but we get extra security for nothing more.
Diffstat (limited to 'templates/_formhelpers.html')
-rw-r--r-- | templates/_formhelpers.html | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/templates/_formhelpers.html b/templates/_formhelpers.html index e50f482..f0fe7fe 100644 --- a/templates/_formhelpers.html +++ b/templates/_formhelpers.html @@ -1,5 +1,5 @@ {% macro render_field(field) %} - {% if field.type == 'HiddenField' %} + {% if field.type in ['HiddenField', 'CSRFTokenField'] %} {{ field()|safe }} {% else %} <div class="form-group {% if field.errors %}has-error{% endif %}"> |