id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
31101	{% csrf_token %} fails validation for xhtml	Ruben Garcia	nobody	"{% csrf_token %} produces
<input type=""hidden"" name=""csrfmiddlewaretoken"" value=""TOKEN"">
which does not work with xhtml.
https://docs.djangoproject.com/en/3.0/ref/csrf/
does not mention any option to make it output the correct value
<input type=""hidden"" name=""csrfmiddlewaretoken"" value=""TOKEN""/>

Of course, templates could use
<input type=""hidden"" name=""{{CSRF_COOKIE_NAME}}"" value={{csrf_token}}/>
themselves, but this should be easy to implement.

If there is a general django option which all middleware uses to distinguish html from xhtml, I have not found it; I would request that it be mentioned at
https://docs.djangoproject.com/en/3.0/ref/csrf/"	Cleanup/optimization	closed	CSRF	3.0	Normal	wontfix	xhtml, csrf		Unreviewed	0	0	0	0	1	0