{
  "context": "This criteria evaluates the engineer's proficiency in using Flask-WTF's per-instance CSRF control feature, specifically the ability to dynamically enable or disable CSRF protection when creating form instances using the meta parameter.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "FlaskForm Usage",
      "description": "Uses FlaskForm (or Form) class from flask_wtf to define the registration form with username and email fields.",
      "max_score": 15
    },
    {
      "name": "Field Definitions",
      "description": "Uses WTForms field types (StringField or equivalent) and validators (DataRequired or InputRequired) for the username and email fields.",
      "max_score": 10
    },
    {
      "name": "Meta Parameter",
      "description": "Uses the meta parameter when instantiating the form to control CSRF protection (e.g., Form(meta={'csrf': False}) or similar pattern).",
      "max_score": 35
    },
    {
      "name": "Dynamic CSRF Control",
      "description": "Correctly implements conditional logic that enables or disables CSRF protection based on the enable_csrf configuration value from the request.",
      "max_score": 25
    },
    {
      "name": "Form Validation",
      "description": "Uses the validate() or validate_on_submit() method from FlaskForm to validate the form data.",
      "max_score": 10
    },
    {
      "name": "Error Handling",
      "description": "Correctly accesses and returns form validation errors using form.errors attribute.",
      "max_score": 5
    }
  ]
}