Amon2 Flavor xsrf-token.js without jQuery

xsrf-token.js

    $self->write_file("$base/js/xsrf-token.js", <<'...');
var <% $module %> = <% $module %> || {};
<% $module %>.getXSRFToken = function() {
    var token;

    return function() {
        if(token === undefined) {
            var cookies = document.cookie.split(/\s*;\s*/);
            for (var i=0,l=cookies.length; i<l; i++) {
                var matched = cookies[i].match(/^XSRF-TOKEN=(.*)$/);
                if (matched) {
                    token = matched[1];
                    break;
                }
            }
        }
        return token;
    };
}();

window.onload = function() {
    var xsrf_token = <% $module %>.getXSRFToken();
    var forms = document.getElementsByTagName('form');
    for(var i = 0; i < forms.length; ++i) {
        var method = forms[i].getAttribute('form');
        if (method === 'get' || method === 'GET') {
            return;
        }

        var input = document.createElement('input');
        input.setAttribute('type', 'hidden');
        input.setAttribute('name',  'XSRF-TOKEN');
        input.setAttribute('value',  xsrf_token);

        forms[i].appendChild(input);
    };
};
...