Opened 8 years ago

Closed 4 years ago

#6925 closed Bug (wontfix)

CSRF html output is not valid html (it is xhtml)

Reported by: jgelens Owned by: jgelens
Component: CSRF Version: master
Severity: Normal Keywords:
Cc: Triage Stage: Someday/Maybe
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX:


The csrfmiddlewaretoken output input field is XHTML and invalidates HTML 4.01 pages when used.

To enable HTML output I think the following setting will be ok:
With default set to False.

The current output looks like,

<div style='display:none;'><input type='hidden' id='csrfmiddlewaretoken' name='csrfmiddlewaretoken' value='f78gdfgf68gdfs6' /></div>

So the new output will look like this (with html output enabled):

<div style='display:none;'><input type='hidden' id='csrfmiddlewaretoken' name='csrfmiddlewaretoken' value='f78gdfgf68gdfs6'></div>

Attachments (1)

csrf_html_fix.diff (2.5 KB) - added by jgelens 8 years ago.

Download all attachments as: .zip

Change History (9)

Changed 8 years ago by jgelens

comment:1 Changed 8 years ago by jgelens

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Status changed from new to assigned

Note: the preview for the patch doesn't seem to work, it can be download by clicking "Original Format".

comment:2 Changed 7 years ago by telenieko

  • Triage Stage changed from Unreviewed to Someday/Maybe

a thread about this from 2006.
Also, more recent: this one about HTML4 and XHTML in general.

It was said to hold this kind of stuff until 1.0 gets out.

comment:3 Changed 7 years ago by telenieko

#7452 is there to keep track of the HTML5/XHTML thing.

comment:4 Changed 7 years ago by julianb

  • milestone set to post-1.0

comment:5 Changed 7 years ago by anonymous

  • milestone post-1.0 deleted

Milestone post-1.0 deleted

comment:6 Changed 5 years ago by gabrielhurley

  • Component changed from Contrib apps to contrib.csrf

comment:7 Changed 5 years ago by julien

  • Severity set to Normal
  • Type set to Bug

comment:8 Changed 4 years ago by lukeplant

  • Easy pickings unset
  • Resolution set to wontfix
  • Status changed from assigned to closed

There is now no way we are going to provide a setting to control the HTML flavour of a single feature. It is doubtful whether we are ever going to support HTML4, as we are moving more to HTML5 now. If we ever do move to multiple-flavour, there is no need to have a separate ticket for this - #7452 tracks that.

Note: See TracTickets for help on using tickets.
Back to Top