Merge pull request #1371 from symfony/autocomplete-off

fabpot · web-flow · commit 7e10c1d0780e · 2025-01-06T11:15:05.000+01:00
[stimulus-bundle] Use defaultValue to change the value of hidden CSRF fields
diff --git a/symfony/stimulus-bundle/2.20/assets/controllers/csrf_protection_controller.js b/symfony/stimulus-bundle/2.20/assets/controllers/csrf_protection_controller.js
@@ -14,7 +14,7 @@ document.addEventListener('submit', function (event) {
 
     if (!csrfCookie && nameCheck.test(csrfToken)) {
         csrfField.setAttribute('data-csrf-protection-cookie-value', csrfCookie = csrfToken);
-        csrfField.value = csrfToken = btoa(String.fromCharCode.apply(null, (window.crypto || window.msCrypto).getRandomValues(new Uint8Array(18))));
+        csrfField.defaultValue = csrfToken = btoa(String.fromCharCode.apply(null, (window.crypto || window.msCrypto).getRandomValues(new Uint8Array(18))));
     }
 
     if (csrfCookie && tokenCheck.test(csrfToken)) {

Original file line number	Diff line number	Diff line change
`@@ -14,7 +14,7 @@ document.addEventListener('submit', function (event) {`
`14`	`14`
`15`	`15`	`if (!csrfCookie && nameCheck.test(csrfToken)) {`
`16`	`16`	`csrfField.setAttribute('data-csrf-protection-cookie-value', csrfCookie = csrfToken);`
`17`		`- csrfField.value = csrfToken = btoa(String.fromCharCode.apply(null, (window.crypto \|\| window.msCrypto).getRandomValues(new Uint8Array(18))));`
	`17`	`+ csrfField.defaultValue = csrfToken = btoa(String.fromCharCode.apply(null, (window.crypto \|\| window.msCrypto).getRandomValues(new Uint8Array(18))));`
`18`	`18`	`}`
`19`	`19`
`20`	`20`	`if (csrfCookie && tokenCheck.test(csrfToken)) {`