我正在开发一款应用,我希望能够在他们使用模式的文档中使用flask jquery编辑数据表:
controlers:
@GCInv.route('/_add_numbers')
def add_numbers():
a = request.args.get('a', 0, type=int)
b = request.args.get('b', 0, type=int)
return jsonify(result=a + b)
@GCInv.route('/')
def index():
return render_template('testAJAX.html')
HTML: <
!DOCTYPE html>
<html lang="en">
<head>
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js"></script>
<script src="static/test.js"></script>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<script type=text/javascript>
$SCRIPT_ROOT = {{ request.script_root|tojson|safe }}
</script>
<h1>jQuery Example</h1>
<p><input type=text size=5 name=a> +
<input type=text size=5 name=b> =
<span id=result>?</span>
<p><a href=# id=calculate>calculate server side</a>
</body>
</html>
Java脚本:
$(function() {
$('a#calculate').bind('click', function() {
$.getJSON($SCRIPT_ROOT + '/_add_numbers', {
a: $('input[name="a"]').val(),
b: $('input[name="b"]').val()
}, function(data) {
$("#result").text(data.result);
});
return false;
});
});
在此示例中,用户可以调用&#39; _add_numbers&#39;让这条路线保持开放似乎是一种安全风险是否有办法制作装饰者或制作路线,以便只能在内部调用?
答案 0 :(得分:0)
def get_form(self, form_class=None):
if form_class is None:
form_class = self.form_class
...