Hi,
I need to convert the value of the following input field posted to views.py from a template form to a Python list for processing
<input type="hidden" name="allowed-extensions-csv" value="jpg,jpeg,png" />
I have tried to process the following request object in many ways:
allowed_extensions = request.POST.get('allowed-extensions-csv')
Required Python list:
['jpg', 'jpeg', 'png']
Please help!
And? What happens? How is it different to what you want to happen?
I have tried almost everything on Stackoverflow and other platforms and keep getting different dictionary or object related errors!
I am new to Python/Django and have about 10 years of PHP/frameworks experience! I want to shift to Django knowing its popularity.
I also tried by separating the values using an HTML input array:
template.html
<input type="hidden" name="allowed-extensions-csv[]" value="jpg" />
<input type="hidden" name="allowed-extensions-csv[]" value="jpeg" />
<input type="hidden" name="allowed-extensions-csv[]" value="png" />
and then views.py
allowed_extensions = request.POST.get("allowed-extensions", "").split(",")
allowed_extensions = [ext.strip() for ext in allowed_extensions if ext.strip()]
I would like to ask you to please give it a try to both scenarios with and/or without HTML input array! Thanks!
Welcome @amirak17 !
Please define the results that you are trying to achieve here.
What exactly are you looking to get from this?
And what are you getting from your various attempts?
Also, please provide more context around what you’re trying to do. What does the form, view, and template look like?
The idea is to check the extension of the file being uploaded against the allowed extensions array/list. Allowed extensions are given in the template comma comma-separated in an input field.
So that code in the views.py can be reused without making any changes to it. Only changes in the template will do the trick.
In case of images: jpg,jpeg,png or in the case of documents: docx,pdf,xlsx etc
That’s actually a security hole. There is nothing that prevents a user from altering that hidden field, allowing them to supply files with any extension that they want to upload.
You never want to trust anything coming from the browser - this type of validation can only be done on the server.
If you need it to be easily changed and edited, then put these values in a model.
Well, end-users will not change the code; they will only upload files.
As programmers, simply by changing the template, we can implement different instances for images or docs.
Change the code? No. Change the HTML in the browser? Absolutely - if they have any desire to do it.
Trying to do it this way opens yourself up to a host of potential problems.
My friend end-users won’t make any changes to the code! It is all login based anyway.
Please let me know if there is a way to convert comma separated input hidden field to a Python list after pressing submit.
For example from:
<input type="hidden" name="allowed-extensions-csv" value="jpg,jpeg,png" />
To this:
['jpg', 'jpeg', 'png']
Thanks
Ken is right that this is a very bad idea, a bad way to do things.
Also, you still have not said what result you’re getting from what you’ve tried so far.
allowed_extensions = request.POST.get("allowed-extensions", "").split(",")
this did the trick!