Skip to main content

A signed Django form

Project description

A small library that provides a form class that signs a configurable set of hidden fields using django.core.signing.

The most common use case for such a form is when the view that handles the post differs from the view that sets up the form, but you need to pass some information from one view to the other, without evil hackers tampering with your precious data.


Subclass SignedForm, and define which fields should be signed:

from signedforms.forms import SignedForm

class MyForm(SignedForm):
    signed_fields = ['redirect_url',]

    redirect_url = forms.CharField(required=False, widget=forms.HiddenInput)

In the form that sets up the view, provide the data to be signed in the initial dictionary:

my_form = MyForm(initial={'redirect_url': self.request.path_info})

and in the view that handles the posted form:

def form_valid(self, form):
    # do some work
    return HttpResponseRedirect(form.cleaned_data['redirect_url'])


If the user tampered with the hidden data, the form will not validate.


Only fields that contain JSON-serializable data can be signed. This includes all fields that are represented as text in the database, but not datetimes and other more “complex” types.

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

django-signedforms-0.2.tar.gz (4.0 kB view hashes)

Uploaded source

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Huawei Huawei PSF Sponsor Microsoft Microsoft PSF Sponsor NVIDIA NVIDIA PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page