From fab27e815330276cce0f5c2b91f7e36a1769d1e4 Mon Sep 17 00:00:00 2001
From: Lance Edgar <lance@edbob.org>
Date: Tue, 19 Nov 2024 20:12:33 -0600
Subject: [PATCH] fix: omit `id` attr when rendering hidden input for CSRF
 token

since there can be more than one of these, if multiple forms
---
 src/wuttaweb/util.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/wuttaweb/util.py b/src/wuttaweb/util.py
index 6a57425..3bd3150 100644
--- a/src/wuttaweb/util.py
+++ b/src/wuttaweb/util.py
@@ -473,7 +473,7 @@ def render_csrf_token(request, name='_csrf'):
     See also :func:`get_csrf_token()`.
     """
     token = get_csrf_token(request)
-    return HTML.tag('div', tags.hidden(name, value=token), style='display:none;')
+    return HTML.tag('div', tags.hidden(name, value=token, id=None), style='display:none;')
 
 
 def get_model_fields(config, model_class=None):