diff --git a/docs/ref/csrf.txt b/docs/ref/csrf.txt index 85810b9d8b..dbc05b6e50 100644 --- a/docs/ref/csrf.txt +++ b/docs/ref/csrf.txt @@ -40,7 +40,7 @@ To take advantage of CSRF protection in your views, follow these steps: 2. In any template that uses a POST form, use the :ttag:`csrf_token` tag inside the ``
`` element if the form is for an internal URL, e.g.:: - {% csrf_token %} + {% csrf_token %} This should not be done for POST forms that target external URLs, since that would cause the CSRF token to be leaked, leading to a vulnerability. diff --git a/tests/forms_tests/templates/forms_tests/article_form.html b/tests/forms_tests/templates/forms_tests/article_form.html index de38466335..8ab7a85bb9 100644 --- a/tests/forms_tests/templates/forms_tests/article_form.html +++ b/tests/forms_tests/templates/forms_tests/article_form.html @@ -1,6 +1,6 @@ - {% csrf_token %} + {% csrf_token %} {{ form.as_p }}
diff --git a/tests/templates/form_view.html b/tests/templates/form_view.html index a23fd0b657..1ef410fb71 100644 --- a/tests/templates/form_view.html +++ b/tests/templates/form_view.html @@ -2,7 +2,7 @@ {% block title %}Submit data{% endblock %} {% block content %}

{{ message }}

-
+ {% if form.errors %}

Please correct the errors below:

{% endif %} diff --git a/tests/templates/login.html b/tests/templates/login.html index 7f50df2ba1..0d301600a5 100644 --- a/tests/templates/login.html +++ b/tests/templates/login.html @@ -5,7 +5,7 @@

Your username and password didn't match. Please try again.

{% endif %} - +
{{ form.username }}
{{ form.password }}