Secure Form Tag Helpers -- For prevention of Cross-site request forgery (CSRF) attacks.

Generates form tags that include client-specific authorization tokens to be verified by the destined web app.

Authorization tokens are stored in the client's session. The web app can then verify the request's submitted authorization token with the value in the client's session.

This ensures the request came from the originating page. See http://en.wikipedia.org/wiki/Cross-site_request_forgery for more information.

Pylons provides an ``authenticate_form`` decorator that does this verification on behalf of controllers.

These helpers depend on Pylons' ``session`` object. Most of them can be easily ported to another framework by changing the API calls.

The helpers are implemented in such a way that it should be easy to create your own helpers if you are using helpers for AJAX calls.

authentication_token() returns the current authentication token, creating one and storing it in the session if it doesn't already exist.

auth_token_hidden_field() creates a hidden field (wrapped in an invisible div; I don't know if this is necessary, but the old WebHelpers had it like this) containing the authentication token.

secure_form() is form() plus auth_token_hidden_field().
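The token flow described above, as an added example that is not the WebHelpers or Pylons code: it reuses the three helper names from the description but takes the session as a plain dict argument. The session key name, the `secrets`-based token generation and the `verify_request()` function are assumptions made for illustration.

```python
import hmac
import secrets
from html import escape

TOKEN_KEY = "_authentication_token"  # assumed session key / form field name


def authentication_token(session):
    """Return the session's token, creating and storing one if absent."""
    if TOKEN_KEY not in session:
        session[TOKEN_KEY] = secrets.token_hex(16)  # 128 bits from the OS CSPRNG
    return session[TOKEN_KEY]


def auth_token_hidden_field(session):
    """Render the token as a hidden input wrapped in an invisible div."""
    token = escape(authentication_token(session), quote=True)
    return ('<div style="display: none;">'
            f'<input type="hidden" name="{TOKEN_KEY}" value="{token}" />'
            '</div>')


def secure_form(session, url, method="post"):
    """Opening form tag followed by the hidden token field."""
    action = escape(url, quote=True)
    return (f'<form action="{action}" method="{escape(method, quote=True)}">'
            + auth_token_hidden_field(session))


def verify_request(session, params):
    """Hypothetical server-side check: submitted token must match the session."""
    expected = session.get(TOKEN_KEY)
    submitted = params.get(TOKEN_KEY)
    if not expected or not isinstance(submitted, str):
        return False  # no token issued, or none submitted: reject
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), submitted.encode())


if __name__ == "__main__":
    session = {}  # constructed stand-in for a per-client session object
    print(secure_form(session, "/account/email"))
    print(verify_request(session, {TOKEN_KEY: session[TOKEN_KEY]}))  # same-site post
    print(verify_request(session, {"email": "x@example.test"}))      # forged post
```

A cross-site page can make the browser send the session cookie, but it cannot read the token rendered into the form, so its request fails `verify_request()`.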