django1/tests/template_backends
Shai Berger 5112e65ef2 Fixed #20869 -- made CSRF tokens change every request by salt-encrypting them
Note that the cookie is not changed every request, just the token retrieved
by the `get_token()` method (used also by the `{% csrf_token %}` tag).

While at it, made token validation strict: Where, before, any length was
accepted and non-ASCII chars were ignored, we now treat anything other than
`[A-Za-z0-9]{64}` as invalid (except for 32-char tokens, which, for
backwards-compatibility, are accepted and replaced by 64-char ones).

Thanks Trac user patrys for reporting, github user adambrenecki
for initial patch, Tim Graham for help, and Curtis Maloney,
Collin Anderson, Florian Apolloner, Markus Holtermann & Jon Dufresne
for reviews.
2016-05-19 05:02:19 +03:00
..
apps Fixed #17085, #24783 -- Refactored template library registration. 2015-05-21 09:12:06 -05:00
forbidden/template_backends
jinja2/template_backends Fixed #24119, #24120 -- Formalized debug integration for template backends. 2015-05-06 17:33:47 -05:00
template_strings/template_backends
templates/template_backends Refs #24469 -- Fixed escaping of forms, fields, and media in non-Django templates. 2015-03-18 09:11:01 -04:00
__init__.py
test_django.py Fixed #25469 -- Added autoescape option to DjangoTemplates backend. 2015-11-12 19:14:23 -05:00
test_dummy.py Fixed #20869 -- made CSRF tokens change every request by salt-encrypting them 2016-05-19 05:02:19 +03:00
test_jinja2.py Fixed #24119, #24120 -- Formalized debug integration for template backends. 2015-05-06 17:33:47 -05:00
test_utils.py Fixed #24685 -- Fixed check for template name unicity. 2015-05-03 21:49:16 +02:00