Let's say I have a form in a JavaScript file:
function form(csrf) {
    document.write('<form action="" method="post">' + csrf);
    document.write(....);
    document.write('<button>Go</button></form>');
}
In template:
<script type="text/javascript">
    form({% csrf_token %});
</script>
Is it safe to do that?
Thanks!!!
The tag simply generates a hidden field and that's what you would be passing to the function.
Nothing wrong with that.
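
Added example, not part of the original thread: since the tag renders a hidden `<input>` element, another way to get the same field into a script-built form is to read the token from Django's CSRF cookie and write the hidden input with the value escaped. It assumes Django's default names (`csrftoken` cookie, `csrfmiddlewaretoken` field) and a cookie that script can read (`CSRF_COOKIE_HTTPONLY` and `CSRF_USE_SESSIONS` left off); the helper names and the sample cookie string are made up for illustration.

```javascript
// Added example: helper names are hypothetical, not Django's own API.

// Return the value of one cookie from a document.cookie-style string,
// matching the whole name so "xcsrftoken" is not mistaken for "csrftoken".
function getCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const trimmed = part.trim();
    const eq = trimmed.indexOf('=');
    if (eq === -1) continue;
    if (trimmed.slice(0, eq) === name) {
      return decodeURIComponent(trimmed.slice(eq + 1));
    }
  }
  return null;
}

// Escape a value for use inside a double-quoted HTML attribute.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Build the form markup from the question, with the hidden CSRF field.
// Refuses to build a form that would be rejected by the CSRF check.
function buildFormHtml(token) {
  if (!token) throw new Error('CSRF token missing');
  return '<form action="" method="post">' +
    '<input type="hidden" name="csrfmiddlewaretoken" value="' +
    escapeAttr(token) + '">' +
    '<button>Go</button></form>';
}

// Constructed sample cookie header, used when no browser is present.
const SAMPLE_COOKIES =
  'sessionid=abc123; csrftoken=CONSTRUCTEDtoken0123456789; theme=dark';

if (typeof document !== 'undefined') {
  // Browser: insert the form into the page instead of document.write.
  const holder = document.createElement('div');
  holder.innerHTML = buildFormHtml(getCookie(document.cookie, 'csrftoken'));
  document.body.appendChild(holder);
} else {
  console.log(buildFormHtml(getCookie(SAMPLE_COOKIES, 'csrftoken')));
}
```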