Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Browse files

Fixed #18484 -- Removed the div around the csrf token input

  • Loading branch information...
1 parent 22742e4 commit fa2e28ccc45d383ad9b1398565a9d106a80fd1db @claudep claudep committed
Showing with 1 addition and 1 deletion.
  1. +1 −1  django/template/
2  django/template/
@@ -48,7 +48,7 @@ def render(self, context):
if csrf_token == 'NOTPROVIDED':
return format_html("")
- return format_html("<div><input type='hidden' name='csrfmiddlewaretoken' value='{0}' /></div>", csrf_token)
+ return format_html("<input type='hidden' name='csrfmiddlewaretoken' value='{0}' />", csrf_token)
# It's very probable that the token is missing because of
# misconfiguration, so we raise a warning

6 comments on commit fa2e28c


Maybe we should add a release note about this?


I would agree this needs a release note. This is not a backwards compatible change in terms of HTML validation. There was a longer discussion on a previous pull request #242.


What about this note:
"The csrf_token template tag is no more enclosed in a div. If you need HTML
validation against pre-HTML5 Strict DTDs, you should add a div around it in your pages."


Looks good to me.


I would probably say 'no longer' rather than 'no more' but either way this would be a good addition to the release notes.


Committed in e6f45aa. Thanks Mark for the grammatical tip. I'm at war with no more/no longer :-)

Please sign in to comment.
Something went wrong with that request. Please try again.