#11362: CSRF middleware XHTML conformance
-----------------------------------+----------------------------------------
Reporter: loren | Owner: nobody
Status: closed | Milestone: 1.2
Component: Contrib apps | Version: SVN
Resolution: invalid | Keywords:
Stage: Unreviewed | Has_patch: 1
Needs_docs: 0 | Needs_tests: 0
Needs_better_patch: 0 |
-----------------------------------+----------------------------------------
Changes (by lukeplant):
* status: reopened => closed
* resolution: => invalid
Comment:
Replying to [comment:2 andriijas]:
> Lame excuse for closing. Double quoting should be used since
>
> 1) Consistency, Its used everywhere else in django
This is not true.
> 2) Single quoted html comes from the world of php idiocy ( print "<foo
id='$bar'>"; )
HTML did not inherit its use of single quotes from PHP practices.
Equivalent things are done in the Django code base i.e. single quotes used
to avoid problems with nesting quotations. See
http://code.djangoproject.com/browser/django/tags/releases/1.1/django/views/debug.py#L489
for example.
> 3) Why on earth wrap a display none div around an input hidden field? If
you are afraid of margins and paddings added by user style sheet, just put
display none on the input.
Without the div, you have invalid HTML. The div has "display:none" to
defensively protect against older browsers and their rendering quirks.
(I'm not sure if there is a specific bug with any, but I'm not going to
fire up a Windows VM and try X versions of Internet Explorer just to
check, and it can't harm, and I've run across related bugs in the past).
> 4) Anyone closing this issue again without the patch being apply
obviously don't care about consistency and clean markup, which does matter
to some people. So lets not make something big of this. It's a quick job
to review and apply the patch, though I understand it will take some
minutes of someones precious spare time.
If I changed the quoting style, I'd could well have another bug filed from
someone else who was relying on the previous style for some reason (e.g.
if they had a regression test that checked the exact output of a page),
and they would actually have a better case — why did I change something
that wasn't broken? What am I going to put in the commit message -
"Changed some valid HTML to some other valid HTML because andriijas told
me so"?
And if I applied your patch as is, I'd have HTML errors immediately.
Perhaps you haven't thought this through as well as you thought?
Yes, reviewing this patch did waste some minutes of my precious spare
time. I don't begrudge them, but I do object to the attitude that says
that you have a right to them, or the idea that if the review does not
turn out how you want then obviously I have no valid reasons for doing
turning you down.
> It's all about the semantics.
The semantics are not affected, I have no idea what you mean here.
The policy in Django is that you don't re-open a bug that is closed by a
core committer without discussion on django-devs. Please do not re-open.
--
Ticket URL: <http://code.djangoproject.com/ticket/11362#comment:4>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to django-upda...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=.
