#18484: csrfmiddlewaretoken enclosed in redundant invisible div -------------------------------+------------------------------------ Reporter: hedleyroos@… | Owner: nobody Type: Uncategorized | Status: new Component: Uncategorized | Version: 1.4 Severity: Normal | Resolution: Keywords: csrf | Triage Stage: Accepted Has patch: 0 | Needs documentation: 0 Needs tests: 0 | Patch needs improvement: 0 Easy pickings: 0 | UI/UX: 0 -------------------------------+------------------------------------ Changes (by lukeplant):
* needs_docs: => 0 * needs_better_patch: => 0 * needs_tests: => 0 * stage: Unreviewed => Accepted Comment: Hmm, that is **really** broken behaviour. http://www.w3.org/TR/html401/interact/forms.html#h-17.13.2 I believe the original reason was to ensure the inserted div had no effect on appearance. You cannot put the input in without a div due to HTML validity constraints. IIRC, having been tortured by IE for several years, I was worried that IE would do funny things with divs that are not completely empty, and give them some pixel space etc. (I've come across very similar bugs with almost empty divs in IE). That concern is probably passed now, and if this is causing a genuine problem, let's remove the 'style="display:none"'. -- Ticket URL: <https://code.djangoproject.com/ticket/18484#comment:1> Django <https://code.djangoproject.com/> The Web framework for perfectionists with deadlines. -- You received this message because you are subscribed to the Google Groups "Django updates" group. To post to this group, send email to django-updates@googlegroups.com. To unsubscribe from this group, send email to django-updates+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-updates?hl=en.