Code

Opened 7 years ago

Closed 7 years ago

#3157 closed defect (fixed)

[patch] error messge in csrf protection is not valid XHTML

Reported by: mir@… Owned by: adrian
Component: Contrib apps Version:
Severity: normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

The error message that contrib.csrf outputs when it detects manipulation is not valid XHTML. If you use application/xhtml+xml as content type, this will result in rendering an xhtml syntax error message with a xhtml capable browser like firefox 1.5+.

Attachments (1)

csrf_xhtml.diff (606 bytes) - added by mir@… 7 years ago.
patch

Download all attachments as: .zip

Change History (2)

Changed 7 years ago by mir@…

patch

comment:1 Changed 7 years ago by adrian

  • Resolution set to fixed
  • Status changed from new to closed

(In [4225]) Fixed #3157 -- Made error message XHTML-friendly in CSRF middleware. Thanks, mir@…

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.