{"library":"wtforms","title":"WTForms","description":"WTForms is a flexible forms validation and rendering library for Python web development, providing tools for data validation, CSRF protection, and internationalization. It is designed to be framework-agnostic, working with various web frameworks and template engines. It is actively maintained with regular releases.","status":"active","version":"3.2.1","language":"en","source_language":"en","source_url":"https://github.com/pallets-eco/wtforms","tags":["web development","forms","validation","html"],"install":[{"cmd":"pip install WTForms","lang":"bash","label":"Install latest version"}],"dependencies":[{"reason":"WTForms requires Python 3.9 or newer.","package":"python","optional":false}],"imports":[{"symbol":"Form","correct":"from wtforms import Form"},{"note":"TextField was an alias for StringField, deprecated in WTForms 2.x and removed in 3.x. Use StringField instead.","wrong":"from wtforms import TextField","symbol":"StringField","correct":"from wtforms import StringField"},{"symbol":"SubmitField","correct":"from wtforms import SubmitField"},{"symbol":"validators","correct":"from wtforms import validators"},{"note":"Required was renamed to DataRequired in WTForms 2.x.","wrong":"from wtforms.validators import Required","symbol":"DataRequired","correct":"from wtforms.validators import DataRequired"}],"quickstart":{"code":"from wtforms import Form, StringField, PasswordField, validators, SubmitField\n\nclass LoginForm(Form):\n    username = StringField('Username', [validators.Length(min=4, max=25), validators.DataRequired()])\n    password = PasswordField('Password', [validators.DataRequired(), validators.Length(min=8)])\n    submit = SubmitField('Sign In')\n\n# Example usage (simulating a request)\nif __name__ == '__main__':\n    # Simulate form data from a POST request\n    mock_form_data = {\n        'username': 'testuser',\n        'password': 'securepassword',\n        'submit': 'Sign In'\n    }\n\n    form = LoginForm(data=mock_form_data)\n\n    if form.validate():\n        print(f\"Form validated successfully for user: {form.username.data}\")\n        # In a real application, you'd process the data here\n    else:\n        print(\"Form validation failed:\")\n        for field, errors in form.errors.items():\n            for error in errors:\n                print(f\"  {field}: {error}\")\n\n    # Example with invalid data\n    invalid_form_data = {\n        'username': 'abc',\n        'password': 'short',\n        'submit': 'Sign In'\n    }\n    invalid_form = LoginForm(data=invalid_form_data)\n\n    if not invalid_form.validate():\n        print(\"\\nInvalid form submitted:\")\n        for field, errors in invalid_form.errors.items():\n            for error in errors:\n                print(f\"  {field}: {error}\")","lang":"python","description":"Defines a simple login form with username, password, and submit fields, including basic length and data required validators. It then demonstrates instantiating the form with mock data and performing validation. For web frameworks, you would typically pass `request.form` or `request.json` to the form constructor."},"warnings":[{"fix":"Migrate to the equivalent standalone library for any removed `wtforms.ext.*` functionality. For example, `wtforms.ext.sqlalchemy` becomes `wtforms_sqlalchemy`.","message":"The `wtforms.ext.*` modules were completely removed in WTForms 3.0. These extensions (e.g., `wtforms.ext.sqlalchemy`, `wtforms.ext.appengine`, `wtforms.ext.csrf`) are now maintained as separate, independent packages (e.g., `WTForms-SQLAlchemy`, `WTForms-Appengine`, `Flask-WTF` for Flask integration with CSRF built-in).","severity":"breaking","affected_versions":"3.0.0 and later"},{"fix":"Update imports and usage from `Required` to `DataRequired`.","message":"The `wtforms.validators.Required` validator was renamed to `wtforms.validators.DataRequired` in WTForms 2.0 to clarify its behavior (checks for non-empty data).","severity":"breaking","affected_versions":"2.0.0 and later"},{"fix":"Replace all instances of `TextField` with `StringField`.","message":"The `TextField` alias for `StringField` was deprecated in WTForms 2.x and removed in 3.x.","severity":"breaking","affected_versions":"3.0.0 and later"},{"fix":"When accessing form errors, check `form.errors.get('')` instead of `form.errors.get(None)`. If you need to revert to the old behavior, you can set `_form_error_key=None` on your form class.","message":"In WTForms 3.2.0, the key used for form-level errors (not specific to a field) moved from `None` to an empty string `\"\"`.","severity":"breaking","affected_versions":"3.2.0 and later"},{"fix":"Implement file handling logic separately in your application's view functions, utilizing your web framework's capabilities for processing uploaded files after WTForms validates the field's presence/metadata.","message":"WTForms provides the `FileField` for file input but does not handle the actual file upload storage or processing. This is typically managed by the underlying web framework (e.g., Flask's `request.files`, Django's `request.FILES`).","severity":"gotcha","affected_versions":"All versions"},{"fix":"For basic usage, ensure your form includes a `CSRFTokenField` and your template renders it. If using a framework-specific integration, consult its documentation (e.g., `Flask-WTF` automatically handles this if `SECRET_KEY` is set).","message":"WTForms handles CSRF protection directly within the core library since version 2.0, moving it out of `wtforms.ext.csrf`. If integrating with frameworks like Flask, companion libraries such as `Flask-WTF` often provide a more streamlined, automated CSRF implementation.","severity":"gotcha","affected_versions":"2.0.0 and later"}],"env_vars":null,"last_verified":"2026-04-05T00:00:00.000Z","next_check":"2026-07-04T00:00:00.000Z"}