Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Fetching contributors…

Cannot retrieve contributors at this time

19 lines (16 sloc) 0.612 kB
"""
Replacement for django.core.context_processors.csrf that escapes the CSRF
token.
"""
from django.core import context_processors
from django.utils import functional, html
def csrf(request):
# Use lazy() because getting the token triggers Set-Cookie: csrftoken.
def _get_val():
token = context_processors.csrf(request)['csrf_token']
# This should be an md5 string so any broken Unicode is an attacker.
try:
return html.escape(unicode(token))
except UnicodeDecodeError:
return u''
return {'csrf_token': functional.lazy(_get_val, unicode)()}
Jump to Line
Something went wrong with that request. Please try again.