Opened 17 years ago
Closed 14 years ago
#6925 closed Bug (wontfix)
CSRF html output is not valid html (it is xhtml)
Reported by: | Jeffrey Gelens | Owned by: | Jeffrey Gelens |
---|---|---|---|
Component: | CSRF | Version: | dev |
Severity: | Normal | Keywords: | |
Cc: | Triage Stage: | Someday/Maybe | |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
The csrfmiddlewaretoken output input field is XHTML and invalidates HTML 4.01 pages when used.
To enable HTML output I think the following setting will be ok:
CSRF_MIDDLEWARE_OUTPUT_HTML = True
With default set to False.
The current output looks like,
<div style='display:none;'><input type='hidden' id='csrfmiddlewaretoken' name='csrfmiddlewaretoken' value='f78gdfgf68gdfs6' /></div>
So the new output will look like this (with html output enabled):
<div style='display:none;'><input type='hidden' id='csrfmiddlewaretoken' name='csrfmiddlewaretoken' value='f78gdfgf68gdfs6'></div>
Attachments (1)
Change History (9)
by , 17 years ago
Attachment: | csrf_html_fix.diff added |
---|
comment:1 by , 17 years ago
Status: | new → assigned |
---|
comment:2 by , 16 years ago
Triage Stage: | Unreviewed → Someday/Maybe |
---|
comment:4 by , 16 years ago
milestone: | → post-1.0 |
---|
comment:6 by , 14 years ago
Component: | Contrib apps → contrib.csrf |
---|
comment:7 by , 14 years ago
Severity: | → Normal |
---|---|
Type: | → Bug |
comment:8 by , 14 years ago
Easy pickings: | unset |
---|---|
Resolution: | → wontfix |
Status: | assigned → closed |
There is now no way we are going to provide a setting to control the HTML flavour of a single feature. It is doubtful whether we are ever going to support HTML4, as we are moving more to HTML5 now. If we ever do move to multiple-flavour, there is no need to have a separate ticket for this - #7452 tracks that.
Note: the preview for the patch doesn't seem to work, it can be download by clicking "Original Format".