Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Folding input type hidden with div

Tags:

html

css

GitHub layout uses such constructs for CSRF protection of forms (can be seen in sign up form on main page for example):

<div style="margin:0;padding:0;display:inline">
    <input type="hidden" value="somerandombase64" name="authenticity_token">
</div>

What is the reason to fold <input type="hidden" ...> with inline-styled <div>? Isn't that <div> redundant?

like image 884
vearutop Avatar asked Dec 13 '13 08:12

vearutop


People also ask

How do you make an input element invisible?

The <input type="hidden"> defines a hidden input field. A hidden field lets web developers include data that cannot be seen or modified by users when a form is submitted.

Is input type hidden safe?

Since they are not rendered visible, hidden inputs are sometimes erroneously perceived as safe. But similar to session cookies, hidden form inputs store the software's state information client-side, instead of server-side. This makes it vulnerable.

How do you pass an input hidden array?

If you want to post an array you must use another notation: foreach ($postvalue as $value){ <input type="hidden" name="result[]" value="$value."> } Save this answer.


1 Answers

As explained here: LINK

Rails’ form tag helper helpfully puts a hidden field in with an authenticity token. Unfortunately, it wraps the hidden field in a div! So even if your form has style=”display:inline”, the div won’t.. and you won’t be able to display a form that doesn’t force a newline.

In other words, the safest way to prevent a newline is by adding those styles margin:0;padding:0;display:inline to the wrapper div.

like image 99
saada Avatar answered Sep 28 '22 16:09

saada