开通博客赚积分
发布资源赚积分
分类

源码开发语言/平台
plone.app.z3cform
文件大小: unknow
源码售价: 5 个金币 积分规则     积分充值
充值1元得10金币   
资源说明:A Plone specific integration and HTML mark-up for z3c.form
=================
plone.app.z3cform
=================

A Plone specific integration and HTML mark-up for z3c.form.

This is a Plone core package.

.. contents:: Table of Contents

Introduction
==============

This Plone package is aimed for developers who want to create forms in Python code.

Please read the documentation for `z3c.form`_, which contains important information about using z3c.form in Zope 2 in general. 
For the most part, that package contains the "active" parts that you need to know about, and this package provides "passive" overrides that make the forms integrate with Plone.

Features
========

The following Plone and z3c.form integration is added

* Plone *main_template.pt* integration
* Plone specific widget frame
* Date/time pickers
* WYSIWYG widget (TinyMCE visual editor with Plone support)
* CRUD forms

Out of the box form templates
=============================

The form and widget templates are applied in the following order

* *plone.app.z3cform* specific
* *plone.z3cform* specific
* *z3c.form* specific

*plone.app.z3cform* package overrides the ``@@ploneform-macros`` view from `plone.z3cform`_, using standard Plone markup for form fields, fieldsets, etc.

All the macros described in `plone.z3cform`_ are still available. 
In addition, you can use the ``widget_rendering`` macro to render all the default widgets, but none of the fieldsets (groups) or the fieldset headers (which would be rendered with the ``fields`` macro).

Each widget is rendered using the ``@@ploneform-render-widget`` view, which by default includes the widget's label, required indicator, description, errors, and the result of ``widget.render()``.  
This view may be overridden for particular widget types in order to customize this widget chrome.

Customizing form behavior
=========================

Form method
-----------

If your form instance defines a property called ``method`` it allows you to set whether form is HTTP POST or HTTP GET. 
The default is POST. 
This translates to ``
`` attribute.

Example::

    class HolidayServiceSearchForm(form.Form):
            """ Example search form of which results can be bookmarked.

            Bookmarking is possible because we use HTTP GET method.
            """

            method = "get"

Form action
-----------

Form ``action`` property defines HTTP target where the form is posted. 
The default is the same page where the form was rendered, ``request.getURL()``.

Example::

        class HolidayServiceSearchForm(form.Form):

            def action(self):
                """ Redefine  attribute.

                We use URL fragment to define the  anchor
                were we directly scroll at the results when the form is posted,
                skipping unnecessary form fields part. The user can scroll
                back there if he/she wants modify the parameters.
                """

                # Context item URL + form view name + link fragment.
                # This works for HTTP GET forms only.
                # Note that we cannot use request.getURL() as it might contain
                # 1) prior fragment 2) GET query parameters messing up the UrL
                return self.context.absolute_url() + "/holidayservice_view" + "#searched"

Fieldsets and tabs
------------------

You can fieldsets to your form if you subclass the form from z3c.form.group.GroupForm.
The default behavior of Plone is to turn these fieldsets to tabs 
(as seen on any *Edit* view of content item).

You can disable this behavior for your form::

    class ReportForm(z3c.form.group.GroupForm, z3c.form.form.Form):

        # Disable turn fieldsets to tabs behavior
        enable_form_tabbing  = False

Unload protection
-----------------

The default behaviour on Plone is to add a confirm box if you leave a form you have modified without having submitted it.

You can disable this behavior for your form::

    class SearchForm(z3c.form.group.GroupForm, z3c.form.form.Form):

        # Disable unload protection behavior
        enable_unload_protection  = False

Autofocus
---------

The default behaviour on Plone Forms is to use the formautofocus pattern to focus the "first" input field.

You can disable this behavior for your form::

    class SearchForm(z3c.form.group.GroupForm, z3c.form.form.Form):

        # Disable autofocus behavior
        enable_autofocus = False



CSRF Protection
===============

A common vulnerability affecting web forms is cross-site request forgery (CSRF).
This attack occurs when the user of your site visits a third-party site that uses Javascript to post to a URL on your site without the user's knowledge, taking advantage of the user's active session.

plone.app.z3cform can protect against this type of attack by adding a unique token as a hidden input when rendering the form, and checking to make sure it is present as a request parameter when form actions are executed.

To turn on this protection, enable the form's enableCSRFProtection attribute.
Example::

    class PasswordForm(form.Form):
        """Form to set the user's password."""
        enableCSRFProtection = True

Form main template override
===========================

Forms are framed by *FormWrapper* views. 
It places rendered form inside Plone page frame. 
The default *FormWrapper* is supplied automatically, but you can override it.

Below is a placeholder example with few `