Kyle M Hall
98a4b52be1
This patch avoids generating CSRF tokens unless the csrf-token.inc file is included in the template. Passed token doesn't need HTML escaped. The docs for WWW::CSRF state: The returned CSRF token is in a text-only form suitable for inserting into a HTML form without further escaping (assuming you did not send in strange things to the Time option). Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> |
||
|---|---|---|
| .. | ||
| data | ||
| includes | ||
| modules | ||
| xslt | ||