Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Fixed #18484 -- Removed the div around the csrf token input

  • Loading branch information...
commit fa2e28ccc45d383ad9b1398565a9d106a80fd1db 1 parent 22742e4
@claudep claudep authored
Showing with 1 addition and 1 deletion.
  1. +1 −1  django/template/defaulttags.py
View
2  django/template/defaulttags.py
@@ -48,7 +48,7 @@ def render(self, context):
if csrf_token == 'NOTPROVIDED':
return format_html("")
else:
- return format_html("<div><input type='hidden' name='csrfmiddlewaretoken' value='{0}' /></div>", csrf_token)
+ return format_html("<input type='hidden' name='csrfmiddlewaretoken' value='{0}' />", csrf_token)
else:
# It's very probable that the token is missing because of
# misconfiguration, so we raise a warning

6 comments on commit fa2e28c

@charettes
Collaborator

Maybe we should add a release note about this?

@mlavin

I would agree this needs a release note. This is not a backwards compatible change in terms of HTML validation. There was a longer discussion on a previous pull request #242.

@claudep
Collaborator

What about this note:
"The csrf_token template tag is no more enclosed in a div. If you need HTML
validation against pre-HTML5 Strict DTDs, you should add a div around it in your pages."

@charettes
Collaborator

Looks good to me.

@mlavin

I would probably say 'no longer' rather than 'no more' but either way this would be a good addition to the release notes.

@claudep
Collaborator

Committed in e6f45aa. Thanks Mark for the grammatical tip. I'm at war with no more/no longer :-)

Please sign in to comment.
Something went wrong with that request. Please try again.