Nonce best practices: hidden input vs. wp_localize_script?

I noticed while looking at the HTML of an edit page that WordPress uses a lot of hidden input elements for storing nonces. Is there a significant advantage to using either this style of storing nonces for AJAX use or using those stored via the wp_localize_script style?

2 Answers
2

Depends, will the form work with AJAX turned off?

If so use an input and degrade gracefully.

Otherwise, define nonces used by JS using JS for consistency, and to prevent grabbing stuff from the DOM.
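
Both options from the answer side by side, as an added example that is not part of the original answer: a hidden-input form that still works without JavaScript, and the same nonce handed to a script through `wp_localize_script`, each verified on the server. The `myplugin_*` names, the `myplugin_save` action and `js/myplugin.js` are assumptions.

```php
<?php
// Added example. The myplugin_* names, the 'myplugin_save' action and js/myplugin.js are hypothetical.
const MYPLUGIN_ACTION = 'myplugin_save';

// Approach 1: hidden input. The form posts to admin-post.php, so it works with JavaScript off.
function myplugin_render_form() {
    ?>
    <form id="myplugin-form" method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="<?php echo esc_attr( MYPLUGIN_ACTION ); ?>">
        <?php wp_nonce_field( MYPLUGIN_ACTION, 'myplugin_nonce' ); // prints the hidden nonce input ?>
        <input type="text" name="title">
        <button type="submit">Save</button>
    </form>
    <?php
}

// Approach 2: the nonce is defined in JS (window.MyPlugin.nonce), so the script never reads the DOM.
function myplugin_enqueue() {
    wp_enqueue_script( 'myplugin', plugins_url( 'js/myplugin.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'myplugin', 'MyPlugin', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( MYPLUGIN_ACTION ), // same action string as the form's nonce
    ) );
}
add_action( 'admin_enqueue_scripts', 'myplugin_enqueue' );

// Shared by both handlers. A nonce proves intent, not permission, so check the capability too.
function myplugin_save_title() {
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    return sanitize_text_field( wp_unslash( $_POST['title'] ?? '' ) );
}

// Non-AJAX submit: verifies the hidden input's nonce, then redirects back.
function myplugin_handle_post() {
    check_admin_referer( MYPLUGIN_ACTION, 'myplugin_nonce' ); // dies on a missing or invalid nonce
    myplugin_save_title();
    wp_safe_redirect( wp_get_referer() ?: admin_url() );
    exit;
}
add_action( 'admin_post_' . MYPLUGIN_ACTION, 'myplugin_handle_post' );

// AJAX submit: verifies the nonce the script sent in the 'nonce' POST field.
function myplugin_handle_ajax() {
    check_ajax_referer( MYPLUGIN_ACTION, 'nonce' ); // dies with a 403 on failure
    wp_send_json_success( array( 'title' => myplugin_save_title() ) );
}
add_action( 'wp_ajax_' . MYPLUGIN_ACTION, 'myplugin_handle_ajax' );
```

The script would POST `action=myplugin_save`, `nonce=MyPlugin.nonce` and `title` to `MyPlugin.ajaxUrl`.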
