Skip to content
This repository


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

Fixed #18484 -- Removed the div around the csrf token input

  • Loading branch information...
commit fa2e28ccc45d383ad9b1398565a9d106a80fd1db 1 parent 22742e4
Claude Paroz authored

Showing 1 changed file with 1 addition and 1 deletion. Show diff stats Hide diff stats

  1. 2  django/template/
2  django/template/
@@ -48,7 +48,7 @@ def render(self, context):
48 48
             if csrf_token == 'NOTPROVIDED':
49 49
                 return format_html("")
50 50
-                return format_html("<div><input type='hidden' name='csrfmiddlewaretoken' value='{0}' /></div>", csrf_token)
+                return format_html("<input type='hidden' name='csrfmiddlewaretoken' value='{0}' />", csrf_token)
52 52
53 53
             # It's very probable that the token is missing because of
54 54
             # misconfiguration, so we raise a warning

6 notes on commit fa2e28c

Simon Charette

Maybe we should add a release note about this?

Mark Lavin

I would agree this needs a release note. This is not a backwards compatible change in terms of HTML validation. There was a longer discussion on a previous pull request #242.

Claude Paroz

What about this note:
"The csrf_token template tag is no more enclosed in a div. If you need HTML
validation against pre-HTML5 Strict DTDs, you should add a div around it in your pages."

Simon Charette

Looks good to me.

Mark Lavin

I would probably say 'no longer' rather than 'no more' but either way this would be a good addition to the release notes.

Claude Paroz

Committed in e6f45aa. Thanks Mark for the grammatical tip. I'm at war with no more/no longer :-)

Please sign in to comment.
Something went wrong with that request. Please try again.