-
-
Save msrkp/3a0918cf555d2a9997f04365d59e9b3c to your computer and use it in GitHub Desktop.
tornado
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
def xsrf_form_html(self) -> str: | |
"""An HTML ``<input/>`` element to be included with all POST forms. | |
It defines the ``_xsrf`` input value, which we check on all POST | |
requests to prevent cross-site request forgery. If you have set | |
the ``xsrf_cookies`` application setting, you must include this | |
HTML within all of your HTML forms. | |
In a template, this method should be called with ``{% module | |
xsrf_form_html() %}`` | |
See `check_xsrf_cookie()` above for more information. | |
""" | |
return ( | |
'<input type="hidden" name="_xsrf" value="' | |
+ escape.xhtml_escape(self.xsrf_token) | |
+ '"/>' | |
) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment