skip to navigation
skip to content

tgext.utils 0.0.2

Collection of utilities for TurboGears2

About tgext.utils

tgext.utils is a collection of utilities for the TurboGears2 web framework.

Installing

tgext.utils can be installed from pypi:

pip install tgext.utils

should just work for most of the users.

CSRF Protection

tgext.utils.csrf provides two decorators @csrf_token and @csrf_protect which generate a CSRF token for inclusion in a form and check that the token is valid.

The user must apply @csrf_token decorator to the action that exposes the form, and put an <input type="hidden"> into the form with a request.csrf_token as the value and _csrf_token as name:

@csrf_token
@expose()
def form(self):
    return '''
    <form method="POST" action="/post_form">
        <input type="hidden" name="_csrf_token" value="%s">
    </form>''' % request.csrf_token

The action that receives the form must have @csrf_protect decorator, no particular action or check is required on this action:

@csrf_protect
@expose()
def post_form(self, **kwargs):
    return 'OK!'

MetaTags

tgext.utils.meta.metatags provides a convenient way to generate common meta tags for a web page.

In lib/helpers.py add:

from tgext.utils.meta import metatags

Then in your pages:

${h.metatags(title="pagetitle", description="Page Description", image="http://url/myimage.png")}
 
File Type Py Version Uploaded on Size
tgext.utils-0.0.2.tar.gz (md5) Source 2016-09-07 4KB