Eager to get started? This page gives a good introduction to Flask-WTF. It assumes you already have Flask-WTF installed. If you do not, head over to the Installation section.
Flask-WTF provides you with the integration WTForms. For example:
from flask_wtf import Form
from wtforms import TextField
from wtforms.validators import DataRequired
class MyForm(Form):
name = TextField(name, validators=[DataRequired()])
Note
From version 0.9.0, Flask-WTF will not import anything from wtforms, you need to import fields from wtforms.
In addition, a CSRF token hidden field is created automatically. You can render this in your template:
<form method="POST" action="/">
{{ form.csrf_token }}
{{ form.name.label }} {{ form.name(size=20) }}
<input type="submit" value="Go">
</form>
However, in order to create valid XHTML/HTML the Form class has a method hidden_tag which renders any hidden fields, including the CSRF field, inside a hidden DIV tag:
<form method="POST" action="/">
{{ form.hidden_tag() }}
{{ form.name.label }} {{ form.name(size=20) }}
<input type="submit" value="Go">
</form>
Validating the request in your view handlers:
@app.route('/submit', methods=('GET', 'POST'))
def submit():
form = MyForm()
if form.validate_on_submit():
return redirect('/success')
return render_template('submit.html', form=form)
Note that, you don’t have to pass request.form to Flask-WTF, it will load automatically. And the convience validate_on_submit will check if it is a POST request and if it is valid.
Heading over to Creating Forms to learn more skills.