On Friday 01 January 2010 16:45:19 Wim Feijen wrote:
> I am not talking about SafeForm. I am sorry I wasn't clear before,
> but in fact, what I want to propose is to include the lines:
> <div style='display:none'><input type='hidden'
> name='csrfmiddlewaretoken' value='1234567890abcdef etc' /></div>
> by default when rendering a form with {{ form }}.
>
> Would that be possible? I know of several unwanted side-effects,
> which I believe we will be able to deal with using the reasoning
> in my first post, but please correct me if I overlooked any
> loopholes.
It's not possible, unless you pass the request object to the Form
instance, which requires changing the API for Form to something like
SafeForm. That's the problem.
Luke
--
"I washed a sock. Then I put it in the dryer. When I took it out,
it was gone." (Steven Wright)
Luke Plant || http://lukeplant.me.uk/
--
You received this message because you are subscribed to the Google Groups
"Django developers" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/django-developers?hl=en.
