Version: v0.7.1 - Beta.  We welcome contributors & feedback.


Form.csrfTag() -> HtmlString


Create a hidden field that contains the user’s CSRF token.

This is used to prevent Cross-Site Request Forgery (CSRF) attacks.

This is only needed if you are building the HTML for your form manually. THT automatically includes the token when you create the form using the built-in Form methods.

To get the value of the CSRF Token without the tag, call Web.csrfToken.

tm myForm {


        {{ Form.csrfTag() }}
        //= <input type="hidden" value="WhRg3jq52t462...">


See Also