#18484: csrfmiddlewaretoken enclosed in redundant invisible div
-------------------------------+------------------------------------
Reporter: hedleyroos@… | Owner: nobody
Type: Uncategorized | Status: new
Component: Uncategorized | Version: 1.4
Severity: Normal | Resolution:
Keywords: csrf | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+------------------------------------
Changes (by lukeplant):
* needs_docs: => 0
* needs_better_patch: => 0
* needs_tests: => 0
* stage: Unreviewed => Accepted
Comment:
Hmm, that is **really** broken behaviour.
http://www.w3.org/TR/html401/interact/forms.html#h-17.13.2
I believe the original reason was to ensure the inserted div had no effect
on appearance. You cannot put the input in without a div due to HTML
validity constraints. IIRC, having been tortured by IE for several years,
I was worried that IE would do funny things with divs that are not
completely empty, and give them some pixel space etc. (I've come across
very similar bugs with almost empty divs in IE).
That concern is probably passed now, and if this is causing a genuine
problem, let's remove the 'style="display:none"'.
--
Ticket URL: <https://code.djangoproject.com/ticket/18484#comment:1>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com.
To unsubscribe from this group, send email to
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en.
