Skip to main content
Join the official Python Developers Survey 2018 and win valuable prizes: Start the survey!

A signed Django form

Project description

A small library that provides a form class that signs a configurable set of hidden fields using django.core.signing.

The most common use case for such a form is when the view that handles the post differs from the view that sets up the form, but you need to pass some information from one view to the other, without evil hackers tampering with your precious data.

Usage

Subclass SignedForm, and define which fields should be signed:

from signedforms.forms import SignedForm

class MyForm(SignedForm):
    signed_fields = ['redirect_url',]

    redirect_url = forms.CharField(required=False, widget=forms.HiddenInput)

In the form that sets up the view, provide the data to be signed in the initial dictionary:

my_form = MyForm(initial={'redirect_url': self.request.path_info})

and in the view that handles the posted form:

def form_valid(self, form):
    # do some work
    return HttpResponseRedirect(form.cleaned_data['redirect_url'])

Note

If the user tampered with the hidden data, the form will not validate.

Warning

Only fields that contain JSON-serializable data can be signed. This includes all fields that are represented as text in the database, but not datetimes and other more “complex” types.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Filename, size & hash SHA256 hash help File type Python version Upload date
django-signedforms-0.2.tar.gz (4.0 kB) Copy SHA256 hash SHA256 Source None May 13, 2013

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN SignalFx SignalFx Supporter DigiCert DigiCert EV certificate StatusPage StatusPage Status page