diff --git a/4_Formularios.md b/4_Formularios.md
index 300550f..9e7f9c7 100644
--- a/4_Formularios.md
+++ b/4_Formularios.md
@@ -116,3 +116,66 @@ def buscar(request):
 </body>
 ```
 
+### Limitar cantidad de caracteres en busqueda
+
+*views.py*
+```
+...
+
+def buscar(request):
+    # Validación campo vacio
+    if request.GET["prod"]:
+        prod_buscar = request.GET["prod"]
+        if len(prod_buscar) > 20:
+            msj = "Termino de búsqueda demasiado largo"
+        else:
+            articulos = Articulos.objects.filter(nombre__icontains=prod_buscar)
+            return render(request, "resultado_busqueda.html", {"articulos":articulos, "query":prod_buscar})
+    ...
+```
+
+### Formulario de contacto
+
+*views.py*
+
+
+*contacto.html*
+```
+    <body>
+        <h1>Formulario de contacto</h1>
+        <form action="/contacto/" method="POST">
+        {% csrf_token %}
+        
+            <p>Asunto: <input type="text" name="asunto"></p>
+            <p>Mail  : <input type="text" name="mail"></p>
+            <p>Mensaje: </p>
+            <p><textarea name="mensaje" rows="15" cols="45"></textarea></p>
+            
+            <input type="submit" value="Enviar">
+        </form>
+    </body>
+```
+***{% csrf_token %}*** Protección contra [**CSRF**](https://docs.djangoproject.com/en/3.0/ref/csrf/)  
+*This should not be done for POST forms that target external URLs, since that would cause the CSRF token to be leaked, leading to a vulnerability.*  
+
+*gracias.html*
+```
+...
+<h1>Gracias por contactarnos</h1>
+...
+```
+*views.py*
+```
+...
+def contacto(request):
+    if request.method == "POST":
+        return render(request, "gracias.html")
+    return render(request, "contacto.html")
+```
+
+*urlpatterns urls.py*
+```
+...
+    path('contacto/', views.contacto),`  
+...
+```