Ticket #11362: csrf_double_quotes.diff

File csrf_double_quotes.diff, 1.3 KB (added by Patryk Lorenowicz, 15 years ago)
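--- a/middleware.py
+++ b/middleware.py
@@ -91,14 +91,14 @@
                 response['Content-Type'].split(';')[0] in _HTML_TYPES:
 
             # ensure we don't add the 'id' attribute twice (HTML validity)
-            idattributes = itertools.chain(("id='csrfmiddlewaretoken'",),
+            idattributes = itertools.chain(('id="csrfmiddlewaretoken"',),
                                             itertools.repeat(''))
             def add_csrf_field(match):
                 """Returns the matched <form> tag plus the added <input> element"""
-                return mark_safe(match.group() + "<div style='display:none;'>" + \
-                "<input type='hidden' " + idattributes.next() + \
-                " name='csrfmiddlewaretoken' value='" + csrf_token + \
-                "' /></div>")
+                return mark_safe(match.group() + '<div style="display:none;">' + \
+                '<input type="hidden" ' + idattributes.next() + \
+                ' name="csrfmiddlewaretoken" value="' + csrf_token + \
+                '" /></div>')
 
             # Modify any POST forms
             response.content = _POST_FORM_RE.sub(add_csrf_field, response.content)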
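Review bot: `csrf_token` is concatenated unescaped into the now double-quoted `value="..."` attribute on new lines 98-101, and the whole string is then passed to `mark_safe`, so nothing downstream will escape it. The hunk does not show where `csrf_token` is produced; if it is always a server-generated hex digest this is harmless, but that assumption is not documented here, and after this change `"` rather than `'` is the character that would terminate the attribute early. I would either escape at the point of use, `' name="csrfmiddlewaretoken" value="' + escape(csrf_token) + \` (with `django.utils.html.escape`, assuming it is or can be imported in this module), or, if the digest assumption holds, add a comment above `add_csrf_field` such as `# csrf_token is generated server-side and contains no quote characters`. The enclosing function starts and ends outside the hunk.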