Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

[1.0.X] Fixed #10884 - more lenient regexp for matching forms in CSRF…

… post-processing

Thanks to Ryszard Szopa for the report and fix

Backport of r10617

git-svn-id: bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit cb92893598a31bf3af697d65e257a33f6686d6a2 1 parent 725ffa5
Luke Plant spookylukey authored
Showing with 1 addition and 1 deletion.
  1. +1 −1  django/contrib/csrf/
2  django/contrib/csrf/
@@ -16,7 +16,7 @@
_ERROR_MSG = mark_safe('<html xmlns="" xml:lang="en"><body><h1>403 Forbidden</h1><p>Cross Site Request Forgery detected. Request aborted.</p></body></html>')
- re.compile(r'(<form\W[^>]*\bmethod=(\'|"|)POST(\'|"|)\b[^>]*>)', re.IGNORECASE)
+ re.compile(r'(<form\W[^>]*\bmethod\s*=\s*(\'|"|)POST(\'|"|)\b[^>]*>)', re.IGNORECASE)
_HTML_TYPES = ('text/html', 'application/xhtml+xml')
Please sign in to comment.
Something went wrong with that request. Please try again.