Paper 1 Web Applications Answers

These answers correspond to Paper 1 Web Applications Drills.

Answer 1: Web vs Native

The attendance system is well suited to a web application because teachers can access it through a browser on different laptops without installing separate software.

The camera app is well suited to a native application because it needs offline use and direct access to device-specific camera controls.

Mark points:

  • web app linked to browser access across devices;
  • web app linked to no local installation or central updates;
  • native app linked to installed platform-specific software;
  • native app linked to offline use or device-specific hardware access.

Common weak answer:

  • saying web apps are always better because they are online. The camera scenario has requirements that fit a native app.

Answer 2: Usability

Two valid improvements:

  • Add clear labels such as Username and Password beside the text boxes, so users can recognise what each field requires.
  • Replace "Error" with a more useful message such as "Incorrect username or password", so users know what went wrong and how to recover.
  • Make the password field use type="password", so typed characters are masked from casual shoulder-surfing.
  • Keep layout and button placement consistent, so the action is predictable.

Mark points:

  • 1 mark for each concrete usability improvement;
  • 1 mark for each linked benefit, up to 4 marks.

Common weak answer:

  • saying only “make it nicer” without naming a specific usability change or explaining how it helps the user.

Answer 3: HTML Form Name Attribute

The name attribute gives the key used when the browser submits the form data.

Because the input has name="student_name", Flask can retrieve the submitted value using:

request.form["student_name"]

Mark points:

  • identifies name as the submitted form-data key;
  • links student_name to request.form["student_name"].

Common weak answer:

  • confusing name with the visible label shown to the user.

Answer 4: GET vs POST

The library search form is suitable for GET because it retrieves information and the search keyword can be included in the URL, making the search link shareable/bookmarkable.

The login form should use POST because it sends sensitive credentials in the request body and performs an authentication action.

Mark points:

  • GET linked to retrieval/search;
  • GET linked to URL query string/shareable search;
  • POST linked to login submission;
  • POST linked to not placing credentials in the URL.

Common weak answer:

  • saying POST encrypts the password. HTTPS provides encryption; POST mainly avoids placing form data in the URL.

Answer 5: Flask Route

The route handles the URL path:

/status

When the path is requested, Flask calls status() and returns:

OK

Mark points:

  • identifies /status as the path;
  • states that the returned response body is OK.

Common weak answer:

  • saying the URL path is /OK. OK is the response, not the route path.

Answer 6: Jinja Variable

The <h1> element displays:

<h1>Asha</h1>

The route passes username="Asha" into render_template. The Jinja expression {{ username }} is replaced by that value when the template is rendered.

Mark points:

  • states that Asha appears in the page;
  • explains that the route passes username to the template;
  • explains that {{ username }} is replaced during rendering.

Common weak answer:

  • saying the browser runs Python to get the value. The template is rendered by Flask on the server.

Answer 7: Static Files

{{ url_for('static', filename='style.css') }}

Mark points:

  • 1 mark for correctly using url_for('static', filename='style.css').

Common weak answer:

  • linking to templates/style.css; static assets should be served from static/.

Answer 8: Template Folder

This may fail because Flask normally looks for templates in a folder named:

templates

The current folder is named template, so render_template("home.html") may not find the file.

Mark points:

  • explains that Flask uses the default templates/ folder;
  • states the corrected folder name templates.

Common weak answer:

  • renaming the file to template.html; the folder name is the issue.

Answer 9: Upload Risk

Risk:

  • profile.exe may be executable malware or an unsafe file type disguised as a profile picture.
  • If accepted unsafely, the file could be served, opened, or misused as executable content rather than treated as an image.

Controls:

  • Reject files whose extensions are not in an allowed list such as .png, .jpg, or .jpeg.
  • Use another control such as checking file size, generating a safe server-side filename, or saving uploads outside executable locations.

Extension checking alone is not a complete guarantee that the content is safe.

Mark points:

  • identifies a realistic upload risk;
  • links the risk to executable or unsafe file type;
  • gives a suitable mitigation such as extension/type checking;
  • gives an additional practical mitigation or explains how the mitigation reduces the risk.

Common weak answer:

  • accepting the file because it has the word profile in its name.

Answer 10: Local Testing

Two valid checks:

  • Start the Flask app locally and visit each route to confirm there are no errors.
  • Submit each form and check the expected output or database change occurs.
  • Check that templates render correctly from templates/.
  • Check that CSS loads from static/.
  • Check that the SQLite database path is correct and the required tables exist.

Mark points:

  • 1 mark for each valid local check, up to 2 marks.

Common weak answer:

  • checking only that the Python file exists, without running the app or testing routes.