зеркало из https://github.com/mozilla/nuggets.git
19 строки
612 B
Python
19 строки
612 B
Python
"""
|
|
Replacement for django.core.context_processors.csrf that escapes the CSRF
|
|
token.
|
|
"""
|
|
from django.core import context_processors
|
|
from django.utils import functional, html
|
|
|
|
|
|
def csrf(request):
|
|
# Use lazy() because getting the token triggers Set-Cookie: csrftoken.
|
|
def _get_val():
|
|
token = context_processors.csrf(request)['csrf_token']
|
|
# This should be an md5 string so any broken Unicode is an attacker.
|
|
try:
|
|
return html.escape(unicode(token))
|
|
except UnicodeDecodeError:
|
|
return u''
|
|
return {'csrf_token': functional.lazy(_get_val, unicode)()}
|