Added AntiForgeryToken to SSVE

src/Nancy.Tests/Fakes/FakeViewEngineHost.cs

@@ -53,5 +53,14 @@ public string ExpandPath(string path)
         {
             return this.ExpandPathCallBack != null ? this.ExpandPathCallBack.Invoke(path) : path;
         }
+
+        /// <summary>
+        /// Get the anti forgery token form element
+        /// </summary>
+        /// <returns>String containin the form element</returns>
+        public string AntiForgeryToken()
+        {
+            return "CSRF";
+        }
     }
 }

src/Nancy.Tests/Unit/ViewEngines/SuperSimpleViewEngineTests.cs

@@ -678,6 +678,18 @@ public void Should_call_to_expand_paths()
 
             Assert.Equal("<script src='/BasePath/scripts/test.js'></script>", result);
         }
+
+        [Fact]
+        public void Should_expand_anti_forgery_tokens()
+        {
+            const string input = "<html><body><form>@AntiForgeryToken</form><body></html>";
+            var fakeViewEngineHost = new FakeViewEngineHost();
+            var viewEngine = new SuperSimpleViewEngine();
+
+            var result = viewEngine.Render(input, null, fakeViewEngineHost);
+
+            Assert.Equal("<html><body><form>CSRF</form><body></html>", result);
+        }
     }
 
     public class User

src/Nancy/ViewEngines/SuperSimpleViewEngine/IViewEngineHost.cs

@@ -35,5 +35,11 @@ public interface IViewEngineHost
         /// <param name="path">Path to expand</param>
         /// <returns>Expanded path</returns>
         string ExpandPath(string path);
+
+        /// <summary>
+        /// Get the anti forgery token form element
+        /// </summary>
+        /// <returns>String containin the form element</returns>
+        string AntiForgeryToken();
     }
 }

src/Nancy/ViewEngines/SuperSimpleViewEngine/NancyViewEngineHost.cs

@@ -65,5 +65,16 @@ public string ExpandPath(string path)
         {
             return this.renderContext.ParsePath(path);
         }
+
+        /// <summary>
+        /// Get the anti forgery token form element
+        /// </summary>
+        /// <returns>String containin the form element</returns>
+        public string AntiForgeryToken()
+        {
+            var tokenKeyValue = this.renderContext.GetCsrfToken();
+
+            return string.Format("<input type=\"hidden\" name=\"{0}\" value=\"{1}\"", tokenKeyValue.Key, tokenKeyValue.Value);
+        }
     }
 }

src/Nancy/ViewEngines/SuperSimpleViewEngine/SuperSimpleViewEngine.cs

@@ -59,6 +59,11 @@ public class SuperSimpleViewEngine
         /// </summary>
         private static readonly Regex PathExpansionRegEx = new Regex(@"(?:@Path\[\'(?<Path>.+?)\'\]);?", RegexOptions.Compiled);
 
+        /// <summary>
+        /// Compiled RegEx for the CSRF anti forgery token
+        /// </summary>
+        private static readonly Regex AntiForgeryTokenRegEx = new Regex(@"@AntiForgeryToken;?", RegexOptions.Compiled);
+
         /// <summary>
         /// View engine transform processors
         /// </summary>
@@ -75,6 +80,7 @@ public SuperSimpleViewEngine()
                     this.PerformEachSubstitutions,
                     this.PerformConditionalSubstitutions,
                     this.PerformPathSubstitutions,
+                    this.PerformAntiForgeryTokenSubstitutions,
                     this.PerformPartialSubstitutions,
                     this.PerformMasterPageSubstitutions,
                 };
@@ -428,6 +434,18 @@ private string PerformPathSubstitutions(string template, object model, IViewEngi
             return result;
         }
 
+        /// <summary>
+        /// Perform CSRF anti forgery token expansions
+        /// </summary>
+        /// <param name="template">The template.</param>
+        /// <param name="model">The model.</param>
+        /// <param name="host">View engine host</param>
+        /// <returns>Template with anti forgery tokens expanded</returns>
+        private string PerformAntiForgeryTokenSubstitutions(string template, object model, IViewEngineHost host)
+        {
+            return AntiForgeryTokenRegEx.Replace(template, host.AntiForgeryToken());
+        }
+
         /// <summary>
         /// Perform @Partial partial view expansion
         /// </summary>