diff options
Diffstat (limited to 'docs/ref')
| -rw-r--r-- | docs/ref/csrf.txt | 14 | ||||
| -rw-r--r-- | docs/ref/templates/builtins.txt | 2 |
2 files changed, 8 insertions, 8 deletions
diff --git a/docs/ref/csrf.txt b/docs/ref/csrf.txt index 20a8ddb433..0e4423248d 100644 --- a/docs/ref/csrf.txt +++ b/docs/ref/csrf.txt @@ -85,11 +85,11 @@ You can acquire the token like this: .. code-block:: javascript function getCookie(name) { - var cookieValue = null; + let cookieValue = null; if (document.cookie && document.cookie !== '') { - var cookies = document.cookie.split(';'); - for (var i = 0; i < cookies.length; i++) { - var cookie = cookies[i].trim(); + const cookies = document.cookie.split(';'); + for (let i = 0; i < cookies.length; i++) { + const cookie = cookies[i].trim(); // Does this cookie string begin with the name we want? if (cookie.substring(0, name.length + 1) === (name + '=')) { cookieValue = decodeURIComponent(cookie.substring(name.length + 1)); @@ -99,14 +99,14 @@ You can acquire the token like this: } return cookieValue; } - var csrftoken = getCookie('csrftoken'); + const csrftoken = getCookie('csrftoken'); The above code could be simplified by using the `JavaScript Cookie library <https://github.com/js-cookie/js-cookie/>`_ to replace ``getCookie``: .. code-block:: javascript - var csrftoken = Cookies.get('csrftoken'); + const csrftoken = Cookies.get('csrftoken'); .. note:: @@ -138,7 +138,7 @@ and read the token from the DOM with JavaScript: {% csrf_token %} <script type="text/javascript"> // using jQuery - var csrftoken = jQuery("[name=csrfmiddlewaretoken]").val(); + const csrftoken = jQuery("[name=csrfmiddlewaretoken]").val(); </script> Setting the token on the AJAX request diff --git a/docs/ref/templates/builtins.txt b/docs/ref/templates/builtins.txt index 387ad09a83..ae62727266 100644 --- a/docs/ref/templates/builtins.txt +++ b/docs/ref/templates/builtins.txt @@ -1816,7 +1816,7 @@ The resulting data can be accessed in JavaScript like this: .. code-block:: javascript - var value = JSON.parse(document.getElementById('hello-data').textContent); + const value = JSON.parse(document.getElementById('hello-data').textContent); XSS attacks are mitigated by escaping the characters "<", ">" and "&". For example if ``value`` is ``{'hello': 'world</script>&'}``, the output is: |
