Try:
input(type="hidden", name="_csrf", value=_csrf)
That should output the token for you.
Question
From the examples, using the default ejs engine, the hidden input required for csrf protection is:
<input type="hidden" name="_csrf" value="<%= _csrf %>" />
What is the jade equivalent? Is it:
input(type="hidden", name="_csrf", value='#{_csrf}')
Thanks.
EDIT: I've tried both value='#{_csrf}'
and value=#{_csrf}
and I'm pretty sure neither are correct as they don't display the right csrf token.
Solution
Try:
input(type="hidden", name="_csrf", value=_csrf)
That should output the token for you.