def post(self): user = users.get_current_user() if not user: return self.write("You are not logged in!") author = self.request.get("name") email = user.email() sendto = self.request.get("to-mail") subject = self.request.get("to-subject") message = self.request.get("message") if not author: author = "Anonymous" if not sendto: sendto = "Write your email" if not subject: subject = "none" if "<script>" in message: return self.write("insert non JS") msg_object = Message(message=message.replace("<script>", "")) msg_object.author_name = author msg_object.email = email msg_object.sendto = sendto msg_object.subject = subject msg_object.put() return self.redirect_to("message-site")