In the first recipe of this chapter, we learned that CSRF is an important part of webform security. We will talk about it in detail now. CSRF stands for Cross-Site Request Forgery, which basically means that someone can hack into the request that carries a cookie and use this to trigger some destructive action. We won't be discussing CSRF in detail here, as ample resources are available on the Internet to learn about this. We will talk about how WTForms will help us in preventing CSRF. Flask does not provide any security from CSRF by default, as this has to be handled at the form validation level, which is not provided by Flask. However, this is done by the Flask-WTF extension for us.
Note
More about CSRF can be read at http://en.wikipedia.org/wiki/Cross-site_request_forgery.