WTForms支持输入readonly属性?

时间:2022-09-11 20:55:16

Here they say it's not supported out of the box.

在这里,他们说它不支持开箱即用。

Do you know a way to make HTML input form fields use the 'readonly' attribute with WTForms?

您是否知道一种使HTML输入表单字段使用WTForms的'readonly'属性的方法?

4 个解决方案

#1


15  

I assume you are talking about the <input readonly> attribute in HTML/XHTML, which is not what that discussion thread you linked is about. (the linked thread is about a lower-level issue with how to ignore passed form input)

我假设您正在讨论HTML / XHTML中的属性,这不是您链接的讨论主题的内容。 (链接的线程是关于如何忽略传递的表单输入的低级问题)

The way to set a readonly attribute (and indeed any attribute on a field) is as a keyword-arg in your template. If using Jinja, this looks like (html5):

设置readonly属性(实际上是字段上的任何属性)的方法是在模板中作为keyword-arg。如果使用Jinja,这看起来像(html5):

{{ form.myfield(readonly=true) }}

And for XHTML or versions of WTForms older than 0.6.3:

对于XHTML或早于0.6.3的WTForms版本:

{{ form.myfield(readonly="readonly") }}

Just note that the 'readonly' attribute is only a hint to the browser, and it has no impact on what the user submits. This is to say, a malicious user (or someone using a browser with custom JS a la greasemonkey or a JS console or a DOM tree) could generate a POST request changing the value of a field regardless of whether the readonly attribute is set on the input tag.

请注意,'readonly'属性只是浏览器的一个提示,它对用户提交的内容没有任何影响。也就是说,恶意用户(或者使用带有自定义JS浏览器或者JS控制台或DOM树的浏览器)可以生成更改字段值的POST请求,而不管是否在readonly属性上设置了输入标签。

For this reason, the readonly attribute is only useful as an option to modify the user experience (for example, disabling a field based on some event/action using JS) and the input coming from a 'readonly' field is no more trust-able than any other form input.

出于这个原因,readonly属性仅用作修改用户体验的选项(例如,使用JS禁用基于某些事件/操作的字段),来自'readonly'字段的输入不再可信任比任何其他形式的输入。

#2


9  

The solution is using render_kw in form field declaration.

解决方案是在表单字段声明中使用render_kw。

my_field = fields.StringField('Label', render_kw={'readonly': True})

#3


4  

https://wtforms-components.readthedocs.org/en/latest/#

from wtforms import Form, DateField, TextField
from wtforms_components import TimeField, read_only

class EventForm(Form):
    name = TextField('Name')
    start_date = DateField('Start date')
    start_time = TimeField('Start time')

    def __init__(self, *args, **kwargs):
        super(EventForm, self).__init__(*args, **kwargs)
        read_only(self.name)

#4


0  

Another possibility is to use a hidden field, and then in your view, you can print out {{ form.field.data }} to display as text.

另一种可能是使用隐藏字段,然后在您的视图中,您可以打印出{{form.field.data}}以显示为文本。

#1


15  

I assume you are talking about the <input readonly> attribute in HTML/XHTML, which is not what that discussion thread you linked is about. (the linked thread is about a lower-level issue with how to ignore passed form input)

我假设您正在讨论HTML / XHTML中的属性,这不是您链接的讨论主题的内容。 (链接的线程是关于如何忽略传递的表单输入的低级问题)

The way to set a readonly attribute (and indeed any attribute on a field) is as a keyword-arg in your template. If using Jinja, this looks like (html5):

设置readonly属性(实际上是字段上的任何属性)的方法是在模板中作为keyword-arg。如果使用Jinja,这看起来像(html5):

{{ form.myfield(readonly=true) }}

And for XHTML or versions of WTForms older than 0.6.3:

对于XHTML或早于0.6.3的WTForms版本:

{{ form.myfield(readonly="readonly") }}

Just note that the 'readonly' attribute is only a hint to the browser, and it has no impact on what the user submits. This is to say, a malicious user (or someone using a browser with custom JS a la greasemonkey or a JS console or a DOM tree) could generate a POST request changing the value of a field regardless of whether the readonly attribute is set on the input tag.

请注意,'readonly'属性只是浏览器的一个提示,它对用户提交的内容没有任何影响。也就是说,恶意用户(或者使用带有自定义JS浏览器或者JS控制台或DOM树的浏览器)可以生成更改字段值的POST请求,而不管是否在readonly属性上设置了输入标签。

For this reason, the readonly attribute is only useful as an option to modify the user experience (for example, disabling a field based on some event/action using JS) and the input coming from a 'readonly' field is no more trust-able than any other form input.

出于这个原因,readonly属性仅用作修改用户体验的选项(例如,使用JS禁用基于某些事件/操作的字段),来自'readonly'字段的输入不再可信任比任何其他形式的输入。

#2


9  

The solution is using render_kw in form field declaration.

解决方案是在表单字段声明中使用render_kw。

my_field = fields.StringField('Label', render_kw={'readonly': True})

#3


4  

https://wtforms-components.readthedocs.org/en/latest/#

from wtforms import Form, DateField, TextField
from wtforms_components import TimeField, read_only

class EventForm(Form):
    name = TextField('Name')
    start_date = DateField('Start date')
    start_time = TimeField('Start time')

    def __init__(self, *args, **kwargs):
        super(EventForm, self).__init__(*args, **kwargs)
        read_only(self.name)

#4


0  

Another possibility is to use a hidden field, and then in your view, you can print out {{ form.field.data }} to display as text.

另一种可能是使用隐藏字段,然后在您的视图中,您可以打印出{{form.field.data}}以显示为文本。