seth.computer
this repo has no description
Fix CSRF field rendering - use raw() to prevent HTML escaping
Co-authored-by: Shelley <shelley@exe.dev>
+5
-2
+5
-2
src/lib/csrf.ts
+5
-2
src/lib/csrf.ts
···
73
73
await next();
74
74
}
75
75
76
+
import { raw } from 'hono/html';
77
+
76
78
/**
77
79
* HTML helper to generate a hidden CSRF input field
80
+
* Returns a raw HTML string that won't be escaped by Hono's html template
78
81
*/
79
-
export function csrfField(token: string): string {
80
-
return `<input type="hidden" name="${CSRF_FORM_FIELD}" value="${token}" />`;
82
+
export function csrfField(token: string) {
83
+
return raw(`<input type="hidden" name="${CSRF_FORM_FIELD}" value="${token}" />`);
81
84
}