Added the form name to the search forms so that they can be excluded by OWASP ZAP scanner for Anti-CSRF tokens.

2023-05-17 21:43:21 +08:00 · 2023-05-17 21:43:21 +08:00 · 2f69e0f215
commit 2f69e0f215
parent 961385c389
5 changed files with 5 additions and 5 deletions
--- a/src/accounting/templates/accounting/account/list.html
+++ b/src/accounting/templates/accounting/account/list.html
@ -32,7 +32,7 @@ First written: 2023/1/30
      {{ A_("New") }}
    </a>
  {% endif %}
-  <form class="btn btn-primary d-flex input-group" action="{{ url_for("accounting.account.list") }}" method="get" role="search" aria-labelledby="accounting-toolbar-search-label">
+  <form class="btn btn-primary d-flex input-group" name="accounting-search-form" action="{{ url_for("accounting.account.list") }}" method="get" role="search" aria-labelledby="accounting-toolbar-search-label">
    <input id="accounting-toolbar-search" class="form-control form-control-sm" type="search" name="q" value="{{ request.args.q }}" placeholder=" " required="required">
    <label id="accounting-toolbar-search-label" for="accounting-toolbar-search" class="input-group-text">
      <button type="submit">
--- a/src/accounting/templates/accounting/base-account/list.html
+++ b/src/accounting/templates/accounting/base-account/list.html
@ -26,7 +26,7 @@ First written: 2023/1/26
 {% block content %}

 <div class="mb-2 accounting-toolbar">
-  <form class="btn btn-primary d-flex input-group" action="{{ url_for("accounting.base-account.list") }}" method="get" role="search" aria-labelledby="accounting-toolbar-search-label">
+  <form class="btn btn-primary d-flex input-group" name="accounting-search-form" action="{{ url_for("accounting.base-account.list") }}" method="get" role="search" aria-labelledby="accounting-toolbar-search-label">
    <input id="accounting-toolbar-search" class="form-control form-control-sm" type="search" name="q" value="{{ request.args.q }}" placeholder=" " required="required">
    <label id="accounting-toolbar-search-label" for="accounting-toolbar-search" class="input-group-text">
      <button type="submit">
--- a/src/accounting/templates/accounting/currency/list.html
+++ b/src/accounting/templates/accounting/currency/list.html
@ -32,7 +32,7 @@ First written: 2023/2/6
      {{ A_("New") }}
    </a>
  {% endif %}
-  <form class="btn btn-primary d-flex input-group" action="{{ url_for("accounting.currency.list") }}" method="get" role="search" aria-labelledby="accounting-toolbar-search-label">
+  <form class="btn btn-primary d-flex input-group" name="accounting-search-form" action="{{ url_for("accounting.currency.list") }}" method="get" role="search" aria-labelledby="accounting-toolbar-search-label">
    <input id="accounting-toolbar-search" class="form-control form-control-sm" type="search" name="q" value="{{ request.args.q }}" placeholder=" " required="required">
    <label id="accounting-toolbar-search-label" for="accounting-toolbar-search" class="input-group-text">
      <button type="submit">
--- a/src/accounting/templates/accounting/report/include/search-modal.html
+++ b/src/accounting/templates/accounting/report/include/search-modal.html
@ -19,7 +19,7 @@ search-modal.html: The search modal
 Author: imacat@mail.imacat.idv.tw (imacat)
 First written: 2023/3/8
 #}
-<form action="{{ url_for("accounting-report.search") }}" method="get" role="search" aria-labelledby="accounting-search-modal-label">
+<form action="{{ url_for("accounting-report.search") }}" name="accounting-search-form" method="get" role="search" aria-labelledby="accounting-search-modal-label">
  <div class="modal fade" id="accounting-search-modal" tabindex="-1" aria-labelledby="accounting-search-modal-label" aria-hidden="true">
    <div class="modal-dialog">
      <div class="modal-content">
--- a/src/accounting/templates/accounting/report/include/toolbar-buttons.html
+++ b/src/accounting/templates/accounting/report/include/toolbar-buttons.html
@ -118,7 +118,7 @@ First written: 2023/3/8
  </button>
 {% endif %}
 {% if use_search %}
-  <form class="btn btn-primary d-flex input-group" action="{{ url_for("accounting-report.search") }}" method="get" role="search" aria-labelledby="accounting-toolbar-search-label">
+  <form class="btn btn-primary d-flex input-group" name="accounting-search-form" action="{{ url_for("accounting-report.search") }}" method="get" role="search" aria-labelledby="accounting-toolbar-search-label">
    <input id="accounting-toolbar-search" class="form-control form-control-sm" type="search" name="q" value="{{ request.args.q }}" placeholder=" " required="required">
    <label id="accounting-toolbar-search-label" for="accounting-toolbar-search" class="input-group-text">
      <button type="submit">