- Python Automation Cookbook
- Jaime Buelta
- 167字
- 2021-08-13 15:51:16
There's more...
Other than following the format of forms and inputting valid values, the main problem when working with forms is the multiple ways of preventing spam and abusive behavior.
A very common limitation is to ensure that you downloaded the form before submitting it, to avoid submitting multiple forms or Cross-Site Request Forgery (CSRF).
CSRF, which means producing a malicious call from a page to another taking advantage that your browser is authenticated, is a serious problem. For example, entering in a puppies site that take advantage of you being logged into your bank page to perform operations "on your behalf". Here is a good description of it: https://stackoverflow.com/a/33829607. New techniques in browsers help with these issues by default.
To obtain the specific token, you need to first download the form, as shown in the recipe, obtain the value of the CSRF token, and resubmit it. Note that the token can have different names; this is just an example:
>>> form.find(attrs={'name': 'token'}).get('value')
'ABCEDF12345'