I am trying out pyramid with deform. However the form is not rendered as form but a pure string
@view_config(route_name='sign_up', renderer='templates/sign_up.jinja2')
def sign_up(request):
schema = SignUpForm().bind(request=request)
button = deform.form.Button(name='SignUp', title = 'Sign Up')
form = deform.form.Form(schema, buttons=(button, ))
if request.method == 'POST':
try:
appstruct = form.validate(request.POST.items())
# Save the data to database
print('saved')
print(appstruct['username'])
request.session.flash('your have succesfully registered')
return HTTPFound('/')
except deform.exception.ValidationFailure as e:
rendered_form = form.render()
else:
print('rendering the form')
rendered_form = form.render();
return {'rendered_form': rendered_form}
This is my HTML using Jinja2 templating.
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
</head>
<body>
{{rendered_form}}
</body>
</html>
All the form information shows up as pure literal string like <form method=POST> etc in the browser
class SignUpForm(deform.schema.CSRFSchema):
username = colander.SchemaNode(
colander.String(),
title = 'Username')
password = colander.SchemaNode(
colander.String(),
title = 'Password')
Jinja2 is configured to auto-escape any variables in your template to avoid XSS attacks from untrusted markup in variables. You can turn off auto-escaping for the form (because deform can be trusted to escape the rendered data on its own) via {{ rendered_form | safe }}.