Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Django and IE9 Don’t Play Well Together

DZone's Guide to

Django and IE9 Don’t Play Well Together

· Web Dev Zone ·
Free Resource

Jumpstart your Angular applications with Indigo.Design, a unified platform for visual design, UX prototyping, code generation, and app development.

You know those bugs that take  hours to debug? And the fix is … moving a single line.

That kind of bug is tripped up when you use django’s csrf protection and someone comes to your site using IE9. It can easily happen that not only will form stylings not affect the elements, the form might even ignore any values entered!

But it works perfectly on older versions of IE.

The bug was insanely difficult to pinpoint because I don’t have IE9 anywhere – only linux and mac around here, any windows box is so old IE7 is about the extent of its capabilities … After installing some sort of windows 7 to a virtual machine and getting IE9 working, I set to work.

Symptoms

  1. Form works perfectly in IE7, Chrome, Firefox etc.
  2. Form works perfectly with compatibility mode turned on
  3. Form values aren’t submitted
  4. Form elements don’t respond to form styling

For some reason IE9 thinks the form is empty. Displays all elements, but they don’t behave like they’re part of the form … which is kind of odd. They aren’t even selectable through the javascript console or anything.

Solution

After many pointless wanderings and random code changes, I realized the HTMLdoesn’t look like something I’d usually write (legacy-ish code).

<form action="/somewhere" method="POST">
{% csrf_token %} 
<label>blah</label><input type="text" name="blah" /> 
<!-- etc -->
</form>

Usually I’d put the {% csrf_token %} at the end. Not sure why, just the way I’ve always done it … surely this can’t make a difference right?

It can!

Putting it at the bottom of the form fixed all bugs. Styling suddenly worked, form was submitted with all data and everything worked everywhere.

Le huh?

 

When the form is rendered that  {% csrf_token %} is replaced with an invisible div tag. For some reason this ticks off IE9′s strictness and the rest of the form isn’t considered to be a part of this element anymore.

Something like this:

<form method="POST" class="filter" style="display: none">
    <div style='display:none'><input type='hidden' name='csrfmiddlewaretoken' value='41aeb46067bf9e800f9ce6c718265121' /></div>
    <input type="hidden" name="selected" value="" />
    <label for="dateFrom">From date:</label>
    <input type="text" class="datepicker" name="dateFrom" readonly="readonly" value=""/>
    <!-- etc. -->
</form>

I can’t find official reference either way, but I think div’s inside forms are legal HTML, perhaps not the best looking HTML, but p tags are allowed, even happen in the form tag example on w3.org, so I have no idea why IE9 would trip up on this.

Perhaps someone a bit more knowledgeable of strict HTML can shed some light on this issue? For now, let’s all just be aware of this little quirk.

Take a look at the Indigo.Design sample applications to learn more about how apps are created with design to code software.

Topics:

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}