django-careful-forms is a small extension on top of django's Forms system. It can help you discover potential security oversights in your forms.
It will emit warnings if there are any fields defined on forms that have not been accessed (the asumption beeing that not accessed fields will also not have been rendered in the template / displayed to the user).
The easy & recommended way:
pip install django-careful-forms
#. Add ``"careful_forms.middleware.CarefulFormsMiddlware"`` to your projects ``settings.MIDDLEWARE_CLASSES``. You should add it near the beginning of the list to make sure all forms are covered.
#. For every form that you want to be monitored by django-careful-forms change the base class of your forms to ``careful_forms.forms.CarefulModelForm`` (or ``CarefulForm`` for regular forms).
In case you already have a custom form base class you can also add ``CarefulFormMixin`` to it.
.. code:: python
class YetMoreForms(CarefulFormMixin, CustomFormBaseClass):