我正在使用Flask撰写联系表单。
@app.route('/contact', methods=['GET', 'POST'])
def contact():
form = ContactForm()
title = u"Contact us"
if request.method == 'POST':
if form.validate() == False:
flash (u'All fields are required' )
return render_template('contact.html', form=form, title=title)
else:
msg = Message(u"[Appname]"+ form.subject.data,
sender=form.email.data,
recipients=["MyEmail@gmail.com"])
msg.body = form.message.data
mail.send(msg)
return render_template('contact.html', success=True)
elif request.method == 'GET':
return render_template('contact.html', form=form, title=title)
联系班级是:
from flask_wtf import Form
from wtforms import TextField, BooleanField, TextAreaField, SubmitField, validators, ValidationError
class ContactForm(Form):
name = TextField("Name", [validators.Required("Name ")])
email = TextField("Email", [validators.Required("Email "), validators.Email("Email ")])
subject = TextField("subject", [validators.Required("Subject ")])
message = TextAreaField("Message", [validators.Required("Message ")])
submit = SubmitField("Send")
该代码是否足以防止电子邮件头注入,xss和代码执行? Flask在执行代码之前是否提供安全检查?
PS:我知道这里需要验证码,但我的问题不是垃圾邮件。