Recipes

Validating Non-User Input

It’s often important to validate input that is not entered directly by a user, but is still untrusted. For example, a client process running on a remote machine may construct a URL algorithmically.

In this case, we don’t want to deal with the full ‘plumbing’ of form error rendering, we just want to make sure the input is safe. pyramid_uniform.Form.assert_valid() can be used for this purpose.

from pyramid_uniform import Form

Form(request, MySchema).assert_valid()

Skipping CSRF Protection

CSRF protection is always on by default. To skip it, pass skip_csrf=True to any relevant methods.

form = Form(request, MySchema)
if form.validate(skip_csrf=True):
     pass