Hi, I have to start with a little background.
There's the still interesting issue of what media type you give to your pages and whether to use html4 or xhtml. Large part of Django seems to use xhtml, and I like it somehow better than html, so I use it and give to browsers that accept it application/xhtml+xml as media type (and to others I feed the same input but call it text/html). Now, when I use the great csrf middleware from contrib, it outputs this error message when it deduces that there's an csrf attack, and without any template around it: <h1>403 Forbidden</h1><p>Cross Site Request Forgery detected. Request aborted.</p> If you try this with a firefox and media type application/xhtml+xml, you only get a message that the server has given us incorrect xhtml. And right so. So I changed it to: <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><body><h1>403 Forbidden</h1><p>Cross Site Request Forgery detected. Request aborted.</p></body></html> Now to my question: What is the current policy? Should this output be xhtml conform or not? The point is, and that goes above the csrf message, I don't know if it's a good idea or not to use xhtml at all. You need to call it text/html for IE6 and before, but to get any benefit from xml (i.e., to see your errors immediately and get a more rigid interpretation from the browser), you need to call it application/xhtml+xml at least to the browser that understand it. But then you get interesting effects on stylesheets and JavaScript: stylesheets are also interpreted a little bit differently (e.g., case matters with xhtml but not with html; java script is expected to use the namespace stuff) I have this under control for myself, but I really don't know if it's a good idea to propose xhtml in general. Michael --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-developers -~----------~----~----~----~------~----~------~--~---