On Mon, Mar 14, 2011 at 10:57 AM, Chris Seberino <cseber...@gmail.com> wrote:
> My Django app's html won't validate because CSRF middleware adds
> hidden
> tags like this...
>
> <input type='hidden' id='csrfmiddlewaretoken'
> name='csrfmiddlewaretoken' value='ebcf3d41f32a70a209e27ef7fdf06d72' />
>
> The only problem is the slash "/>" at the end.
>
> How make Django templates not automatically add hidden tags that won't
> validate?
You have access to a context variable called "csrf_token", which just
contains the actual token string. If you don't like the output of the
{% csrf_token %}
template tag, then just write it yourself in a template. The simplest
way would be to put, in your template, some code like this:
<div style='display:none'>
<input type='hidden' name='csrfmiddlewaretoken' value='{{
csrf_token }}' >
</div>
(Note the '{{', '}}' delimiters, rather than '{%', '%}')
A more complicated, but more reusable way to do it would be to write
your own template tag (it's really simple, you can use the CSRF-token
code in django/template/defaulttags.py as a starting point) which
would render whatever markup you need.
--
Regards,
Ian Clelland
<clell...@gmail.com>
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
