Fixed #14235 - UnicodeDecodeError in CSRF middleware

Thanks to jbg for the report. This changeset essentially backs out [13698] in favour of a method that sanitizes the token rather than escaping it. git-svn-id: http://code.djangoproject.com/svn/django/trunk@13732 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2025-10-30 17:16:10 +00:00 · 2010-09-10 22:56:56 +00:00
parent fd1e4b81d9
commit 364583b894
3 changed files with 37 additions and 14 deletions
--- a/django/template/defaulttags.py
+++ b/django/template/defaulttags.py
@@ -9,7 +9,6 @@ from django.template import TemplateSyntaxError, VariableDoesNotExist, BLOCK_TAG
 from django.template import get_library, Library, InvalidTemplateLibrary
 from django.template.smartif import IfParser, Literal
 from django.conf import settings
-from django.utils.html import escape
 from django.utils.encoding import smart_str, smart_unicode
 from django.utils.safestring import mark_safe

@@ -43,7 +42,7 @@ class CsrfTokenNode(Node):
            if csrf_token == 'NOTPROVIDED':
                return mark_safe(u"")
            else:
-                return mark_safe(u"<div style='display:none'><input type='hidden' name='csrfmiddlewaretoken' value='%s' /></div>" % escape(csrf_token))
+                return mark_safe(u"<div style='display:none'><input type='hidden' name='csrfmiddlewaretoken' value='%s' /></div>" % csrf_token)
        else:
            # It's very probable that the token is missing because of
            # misconfiguration, so we raise a warning