#15352: id="csrfmiddlewaretoken" regression
-------------------------------------------+--------------------------------
Reporter: jl6 | Owner: nobody
Status: closed | Milestone: 1.4
Component: Template system | Version: SVN
Resolution: wontfix | Keywords: csrf token
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 |
-------------------------------------------+--------------------------------
Changes (by lukeplant):
* status: new => closed
* needs_better_patch: => 0
* resolution: => wontfix
* needs_tests: => 0
* needs_docs: => 0
Comment:
The example code was in error, as noted in the errata blog post:
http://www.djangoproject.com/weblog/2011/feb/10/security-errata/
The new version does not include the ID attribute deliberately, for the
reason that in the case of multiple instances of `{% csrf_token %}` on a
page you need to ensure that only one has the ID attribute (for HTML
validity), and doing this in the new version is probably not possible, or
would be extremely hacky at best.
--
Ticket URL: <http://code.djangoproject.com/ticket/15352#comment:1>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en.
