From d9ce900e13077d47f8ca43064e904a38f7f1787e Mon Sep 17 00:00:00 2001
From: Adrian Holovaty <adrian@holovaty.com>
Date: Mon, 18 Dec 2006 15:37:52 +0000
Subject: [PATCH] Fixed #3157 -- Made error message XHTML-friendly in CSRF
 middleware. Thanks, mir@noris.de

git-svn-id: http://code.djangoproject.com/svn/django/trunk@4225 bcc190cf-cafb-0310-a4f2-bffc1f526a37
---
 django/contrib/csrf/middleware.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/django/contrib/csrf/middleware.py b/django/contrib/csrf/middleware.py
index f6f78867dc8..93a9484ca65 100644
--- a/django/contrib/csrf/middleware.py
+++ b/django/contrib/csrf/middleware.py
@@ -11,7 +11,7 @@ import md5
 import re
 import itertools
 
-_ERROR_MSG = "<h1>403 Forbidden</h1><p>Cross Site Request Forgery detected.  Request aborted.</p>"
+_ERROR_MSG = '<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><body><h1>403 Forbidden</h1><p>Cross Site Request Forgery detected. Request aborted.</p></body></html>'
 
 _POST_FORM_RE = \
     re.compile(r'(<form\W[^>]*\bmethod=(\'|"|)POST(\'|"|)\b[^>]*>)', re.IGNORECASE)