fix: omit id attr when rendering hidden input for CSRF token

since there can be more than one of these, if multiple forms
2024-11-19 20:12:33 -06:00 · 2024-11-19 20:12:33 -06:00 · fab27e8153
parent c89da0ee41
commit fab27e8153
1 changed files with 1 additions and 1 deletions
--- a/src/wuttaweb/util.py
+++ b/src/wuttaweb/util.py
@ -473,7 +473,7 @@ def render_csrf_token(request, name='_csrf'):
    See also :func:`get_csrf_token()`.
    """
    token = get_csrf_token(request)
-    return HTML.tag('div', tags.hidden(name, value=token), style='display:none;')
+    return HTML.tag('div', tags.hidden(name, value=token, id=None), style='display:none;')
 def get_model_fields(config, model_class=None):