MozSecureWorld FAQ: Difference between revisions
Jump to navigation
Jump to search
(→FAQ) |
|||
| (8 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
= MozSecureWorld FAQ/Notes = | = MozSecureWorld FAQ/Notes = | ||
== | === Browser Cookie error === | ||
"Your Web browser doesn't appear to have cookies enabled." | |||
[http://curioushq.blogspot.com/2011/07/solved-django-your-web-browser-doesnt.html See solution here.] | |||
=== CSRF error === | === CSRF error === | ||
Django's fix to CSRF can be found in [https://docs.djangoproject.com/en/dev/intro/tutorial04/ the tutorial]. Where you put in | Django's fix to CSRF can be found in [https://docs.djangoproject.com/en/dev/intro/tutorial04/ the tutorial]. Where you put in | ||
| Line 28: | Line 31: | ||
return jingo.render(request, 'template.html', {"var_name": var_value}) | return jingo.render(request, 'template.html', {"var_name": var_value}) | ||
</pre> | </pre> | ||
==== AJAX CSRF 403 error ==== | |||
You have to send the csrf token along in ajax. | |||
You can get the csrf token value as: | |||
var csrfvalue = $('input[name=csrfmiddlewaretoken]').val(); | |||
var sendData = {csrfmiddlewaretoken: csrfvalue, yourName: yourValue}; | |||
=== HTML is not rendered === | === HTML is not rendered === | ||
Solution: Use Django [https://docs.djangoproject.com/en/dev/ref/templates/builtins/#safe |safe] | Solution: Use Django [https://docs.djangoproject.com/en/dev/ref/templates/builtins/#safe |safe] | ||
Problem: After using bleach, the safe tags show up "<b>should be bolded</b>" instead of being rendered as <b>should be bolded</b>, you have to add a "|safe" to the template: richtext.comment|safe | Problem: After using bleach, the safe tags show up "<b>should be bolded</b>" instead of being rendered as <b>should be bolded</b>, you have to add a "|safe" to the template.html: | ||
<pre>{{richtext.comment|safe}} | |||
</pre> | |||
Latest revision as of 23:43, 3 July 2011
MozSecureWorld FAQ/Notes
Browser Cookie error
"Your Web browser doesn't appear to have cookies enabled." See solution here.
CSRF error
Django's fix to CSRF can be found in the tutorial. Where you put in
template.html:
{% csrf_token %}
views.py:
from django.shortcuts import render_to_response
from django.template import RequestContext
def ...
return render_to_response('template.html', {'var_name': var_value}, context_instance=RequestContext(request))
But in the demo's setup with jingo and other stuff: template.html:
{{ csrf() }}
views.py:
import jingo
return jingo.render(request, 'template.html', {"var_name": var_value})
AJAX CSRF 403 error
You have to send the csrf token along in ajax. You can get the csrf token value as:
var csrfvalue = $('input[name=csrfmiddlewaretoken]').val(); var sendData = {csrfmiddlewaretoken: csrfvalue, yourName: yourValue};
HTML is not rendered
Solution: Use Django |safe
Problem: After using bleach, the safe tags show up "<b>should be bolded</b>" instead of being rendered as should be bolded, you have to add a "|safe" to the template.html:
{{richtext.comment|safe}}