GitHub's layout uses constructs like this for CSRF protection of forms (it can be seen in the sign-up form on the main page, for example):
<div style="margin:0;padding:0;display:inline">
<input type="hidden" value="somerandombase64" name="authenticity_token">
</div>
What is the reason to fold <input type="hidden" ...> with an inline-styled <div>? Isn't that <div> redundant?
The <input type="hidden"> element defines a hidden input field. A hidden field lets web developers include data that is not shown to users, and cannot be edited through the rendered page, when a form is submitted.
Because they are not rendered, hidden inputs are sometimes erroneously perceived as safe. But like session cookies, hidden form inputs store the application's state information client-side instead of server-side, which makes that state vulnerable to tampering.
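If you want to post an array you must use another notation:
<?php foreach ($postvalue as $value) { // one hidden field per array element ?>
<input type="hidden" name="result[]" value="<?php echo htmlspecialchars($value, ENT_QUOTES); // escape so the value cannot break out of the attribute ?>">
<?php } ?>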
As explained here: LINK
Rails’ form tag helper helpfully puts a hidden field in with an authenticity token. Unfortunately, it wraps the hidden field in a div! So even if your form has style="display:inline", the div won’t... and you won’t be able to display a form that doesn’t force a newline.
In other words, the safest way to prevent a newline is by adding those styles margin:0;padding:0;display:inline to the wrapper div.
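Since the hidden authenticity_token field is client-side state, the server has to check it against its own copy on every submission. The sketch below is an added example, not code from the original page and not Rails' own implementation; the helper names issue_token, token_field and valid_token? and the plain-hash session are assumptions made for illustration.

```ruby
require "securerandom"
require "erb"

# Hypothetical helpers for illustration; a simplified model, not Rails' code.

# Create the token once per session; the authoritative copy stays server-side.
def issue_token(session)
  session[:csrf_token] ||= SecureRandom.base64(32)
end

# Render the hidden field inside the inline-styled wrapper div from the page.
def token_field(session)
  value = ERB::Util.html_escape(issue_token(session))
  %(<div style="margin:0;padding:0;display:inline">) +
    %(<input type="hidden" name="authenticity_token" value="#{value}">) +
    %(</div>)
end

# Compare without returning early on the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# The submitted value is client-controlled: accept the request only when it
# is a string that matches the token stored in the server-side session.
def valid_token?(session, params)
  expected  = session[:csrf_token]
  submitted = params["authenticity_token"]
  return false unless expected.is_a?(String) && submitted.is_a?(String)
  secure_compare(expected, submitted)
end

if __FILE__ == $0
  session = {}                      # constructed sample session
  puts token_field(session)
  good = { "authenticity_token" => session[:csrf_token] }
  puts "matching token accepted: #{valid_token?(session, good)}"
  puts "missing token accepted:  #{valid_token?(session, {})}"
end
```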