Django Book Translation
Original text:
If your application creates HTML pages and forms in some unusual way (e.g., if it sends fragments of HTML in JavaScript ``document.write`` statements), you might bypass the filter that adds the hidden field to the form. In this case, the form submission will always fail. (This happens because ``CsrfMiddleware`` uses a regular expression to add the ``csrfmiddlewaretoken`` field to your HTML before the page is sent to the client, and the regular expression sometimes cannot handle wacky HTML.) If you suspect this might be happening, just view the source in your Web browser to see whether ``csrfmiddlewaretoken`` was inserted into your ``<form>``.
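Translation:
If your application creates HTML pages in some unconventional way (for example, by sending HTML fragments in JavaScript ``document.write`` statements), you may bypass the filter that adds the hidden field to the form. In that case, form submission will never succeed. (This is because, before the page is sent to the client, ``CsrfMiddleware`` uses a regular expression to add the ``csrfmiddlewaretoken`` field to the HTML, and the regular expression sometimes cannot handle unconventional HTML.) If you suspect this is happening, just check in your browser whether ``csrfmiddlewaretoken`` has been inserted into the form in the page source.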
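The failure described above, as an added example that is not part of the original book or Django's own code: a regex-based token injector misses a form whose tag is assembled in JavaScript, and a small audit performs the "view source" check. The pattern, function names and sample pages are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Simplified stand-in for the middleware's pattern (an assumption, not Django's regex):
# an opening <form> tag whose method attribute is POST.
POST_FORM_RE = re.compile(r'(<form\b[^>]*\bmethod\s*=\s*["\']?post\b[^>]*>)', re.I)


def inject_token(body, token):
    """Append a hidden csrfmiddlewaretoken field after every matching <form> tag."""
    field = '<input type="hidden" name="csrfmiddlewaretoken" value="%s" />' % token
    return POST_FORM_RE.sub(lambda m: m.group(1) + field, body)


class FormAudit(HTMLParser):
    """Record, for each POST form in the markup, whether it carries the token field."""

    def __init__(self):
        super().__init__()
        self.forms = []  # one [action, has_token] entry per POST form

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and (a.get("method") or "").lower() == "post":
            self.forms.append([a.get("action", ""), False])
        elif tag == "input" and a.get("name") == "csrfmiddlewaretoken" and self.forms:
            self.forms[-1][1] = True


def audit(markup):
    """Return (action, has_token) for every POST form found in the markup."""
    parser = FormAudit()
    parser.feed(markup)
    parser.close()
    return [tuple(f) for f in parser.forms]


# Constructed sample pages.
STATIC_PAGE = '<form action="/vote/" method="post"><input name="choice"></form>'
# What the server sends: the tag is built in JavaScript, so "<form" never appears.
SCRIPT_PAGE = ('<script>document.write("<" + "form action=\'/vote/\' method=\'post\'>"'
               ' + "<input name=\'choice\'></" + "form>");</script>')
# The form the browser ends up with after document.write runs (written out by hand).
SCRIPT_PAGE_DOM = "<form action='/vote/' method='post'><input name='choice'></form>"
```

A form reported with `has_token` set to `False` will be rejected on submission, so the hidden field has to be added by the code that generates that form.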