356662cf74
Implemented auto-escaping of variable output in templates. Fully controllable by template authors and it's possible to write filters and templates that simulataneously work in both auto-escaped and non-auto-escaped environments if you need to. Fixed #2359
...
See documentation in templates.txt and templates_python.txt for how everything
works.
Backwards incompatible if you're inserting raw HTML output via template variables.
Based on an original design from Simon Willison and with debugging help from Michael Radziej.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6671 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-14 12:58:53 +00:00
afc6985267
Fixed #5292 -- Changed CSRF middleware to check for request.method == 'POST' instead of request.POST dictionary not being empty. Thanks, Jakub Wilk
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6038 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-03 06:18:48 +00:00
d9ce900e13
Fixed #3157 -- Made error message XHTML-friendly in CSRF middleware. Thanks, mir@noris.de
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4225 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-12-18 15:37:52 +00:00
5c0e4f3908
Fixed CsrfMiddleware post processing so that it in the presence of multiple
...
POST <form>s, only one <input> tag is added with an id, for HTML validity.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@2900 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-05-11 22:32:47 +00:00
c26553c4f9
Fixed #1827 - added 'id' attribute to generated CSRF hidden field. Good call, Ian Holsman.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@2899 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-05-11 21:55:53 +00:00
8eecb95ec8
Added CsrfMiddleware to contrib, and documentation.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@2868 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-05-08 23:03:08 +00:00
Malcolm Tredinnick
Adrian Holovaty
Luke Plant