MozSecureWorld FAQ: Difference between revisions
Revision as of 17:24, 23 June 2011
MozSecureWorld FAQ/Notes
FAQ
CSRF error
Django's fix for CSRF can be found in the tutorial, where you put the following in
template.html:
{% csrf_token %}
views.py:
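from django.shortcuts import render_to_response
from django.template import RequestContext

def my_view(request):  # placeholder name; compute var_value here
    # RequestContext makes the CSRF token available to the template
    return render_to_response('template.html', {'var_name': var_value}, context_instance=RequestContext(request))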
But in the demo's setup, with jingo and other stuff, use this instead.
template.html:
{{ csrf() }}
views.py:
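import jingo

def my_view(request):  # placeholder name; compute var_value here
    # jingo.render takes the request itself, so csrf() works in the template
    return jingo.render(request, 'template.html', {"var_name": var_value})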
AJAX CSRF 403 error
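You have to send the CSRF token along with the AJAX request; without it the request is rejected with a 403. You can get the CSRF token value from the hidden form field and add it to the data you send:
// read the token from the hidden input that the csrf tag renders in the form
var csrfvalue = $('input[name=csrfmiddlewaretoken]').val();
// yourName / yourValue stand for your own field name and value
var sendData = {csrfmiddlewaretoken: csrfvalue, yourName: yourValue};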
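An added example (not part of the original FAQ or the demo's code) that attaches the token only to state-changing, same-origin requests, so the token is never sent to another host. The helper names, the sample endpoint and the `postWithCsrf` wrapper are assumptions for illustration; only the `csrfmiddlewaretoken` field and the jQuery selector come from the FAQ.

```javascript
// Added example; function names and sample URLs are assumptions, not from the FAQ.

// Methods that Django's CSRF middleware does not check, so no token is needed.
function csrfSafeMethod(method) {
  return /^(GET|HEAD|OPTIONS|TRACE)$/i.test(method || 'GET');
}

// True when `url` resolves to the same scheme, host and port as the page.
function sameOrigin(url, pageUrl) {
  try {
    return new URL(url, pageUrl).origin === new URL(pageUrl).origin;
  } catch (e) {
    return false; // unparsable target: do not attach the token
  }
}

// Return a copy of `data`, adding csrfmiddlewaretoken only when the request
// is state-changing and stays on the page's own origin.
function withCsrf(method, url, data, token, pageUrl) {
  var out = Object.assign({}, data);
  if (!csrfSafeMethod(method) && sameOrigin(url, pageUrl)) {
    out.csrfmiddlewaretoken = token;
  }
  return out;
}

// Browser-side wrapper using jQuery, as in the FAQ snippet above.
// Defined only; call it from your own event handler.
function postWithCsrf(url, data) {
  var token = $('input[name=csrfmiddlewaretoken]').val();
  return $.post(url, withCsrf('POST', url, data, token, window.location.href));
}
```

In the page, a call such as `postWithCsrf('/comment/add/', {yourName: yourValue})` (constructed endpoint) replaces building `sendData` by hand.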
HTML is not rendered
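Solution: Use Django's |safe filter
Problem: After using bleach, the safe tags show up as literal text, "<b>should be bolded</b>", instead of being rendered as bold text. To fix this, you have to add "|safe" in template.html. Apply |safe only to values that have already been through bleach, because it turns off autoescaping for that value: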
{{richtext.comment|safe}}