Opened 14 years ago

Closed 14 years ago

Last modified 12 years ago

#12156 closed (wontfix)

The csrf_token should be able to use a custom template

Reported by: Adrian Ribao Owned by: Eric Holscher
Component: Contrib apps Version: dev
Severity: Keywords: csrf_token, template
Cc: aribao@… Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

The code generated by this tag is wrapped into a <div style='display:none;'>

It would be very usefull in order to avoid some design problems.

Besides I'd like it more if instead of having style='display:none' was <div class="hidden"> for example.

Change History (8)

comment:1 by Eric Holscher, 14 years ago

Owner: changed from nobody to Eric Holscher
Status: newassigned

Might not be the correct solution, but it should be somehow themable.

comment:2 by Eric Holscher, 14 years ago

Owner: Eric Holscher removed
Status: assignednew

comment:3 by Eric Holscher, 14 years ago

Triage Stage: UnreviewedAccepted

comment:4 by Luke Plant, 14 years ago

Would you mind specifying what the design problems are? The whole output is supposed to be invisible.

The problem here is that any solution is going to be global, and I imagine that if you change it to 'work' in one app, it might not 'work' in another app. I don't want to introduce a setting which will have this problem. Rather, we should encourage consistency.

<div class="hidden"> depends on there being some certain CSS, which isn't a good idea. Actually, the whole style="display:none" is just being defensive against browser bugs anyway, it shouldn't strictly be needed. But the div itself is needed, for HTML validity.

comment:5 by Adrian Ribao, 14 years ago

Owner: set to Adrian Ribao
Status: newassigned

I know that is supposed to be invisible, but the designer should have all the control over the HTML. IMHO I don't like to insert any style into the HTML, and it's a guideline in my company.

Besides of that, I don't think this makes any application less consistent, Django provides in several parts a way to override a template.

The first priority should be to provide full control of the generated HTML.

comment:6 by Adrian Ribao, 14 years ago

Owner: changed from Adrian Ribao to Eric Holscher
Status: assignednew

comment:7 by Luke Plant, 14 years ago

Resolution: wontfix
Status: newclosed

I think this is one of those cases where guidelines should be broken :-) because:

  • We never want the div to be displayed, so it should be invisible preferably even the in presence of rules like form div { margin: 10px; }
  • We cannot output class=hidden, because this code needs to be stylesheet agnostic.

If you are desperate, then provide your own {% csrf_token %} - if you load a template library that provides one, it will override the builtin. You could also use template.add_to_builtins. The amount of code needed is very small.

Closing WONTFIX for the above reasons - a stylistic problem in some code invisible to the user is not a bug :-)

comment:8 by Jacob, 12 years ago

milestone: 1.2

Milestone 1.2 deleted

Note: See TracTickets for help on using tickets.
Back to Top