What does ${_csrf} do? Is this an implicit EL object?

Jin Lee :

I'm going over some source code and trying to figure out where _csrf came from. As far as I can guess, it looks like an implicit EL object, maybe related to authentication and Spring Security.

Below is the code that contains _csrf.

<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />

What does ${_csrf} do? Is this an implicit EL object?

EDWIN :

Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF (sometimes pronounced sea-surf) or XSRF, is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts.

This input protects the form from CSRF attacks by adding a special CSRF token to all of your page requests.

Check this out:
https://en.wikipedia.org/wiki/Cross-site_request_forgery
https://www.baeldung.com/spring-security-csrf
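
On where `_csrf` comes from: Spring Security's CsrfFilter stores the token object as a request attribute named `_csrf`, so `${_csrf}` is an ordinary scoped-attribute lookup rather than an implicit EL object. The filter below is an added sketch of that synchronizer-token mechanism, not code from this thread and not Spring Security's source; the class name `DemoCsrfFilter`, the `Token` bean and the session key are hypothetical, and the Jakarta Servlet API is assumed.

```java
// Added illustration of the synchronizer-token pattern; NOT Spring Security's source.
// Assumes the Jakarta Servlet API (use javax.servlet.* on older containers).
import jakarta.servlet.*;
import jakarta.servlet.http.*;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Set;

public class DemoCsrfFilter implements Filter {
    /** Bean read by EL: ${_csrf.parameterName} and ${_csrf.token}. */
    public static final class Token {
        private final String token;
        Token(String token) { this.token = token; }
        public String getParameterName() { return "_csrf"; }
        public String getToken() { return token; }
    }
    private static final String SESSION_KEY = "demo.csrf.token"; // hypothetical name
    private static final Set<String> SAFE = Set.of("GET", "HEAD", "OPTIONS", "TRACE");
    private final SecureRandom random = new SecureRandom();

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        HttpSession session = req.getSession();
        // One unpredictable token per session, created on first use.
        String expected = (String) session.getAttribute(SESSION_KEY);
        if (expected == null) {
            byte[] raw = new byte[32];
            random.nextBytes(raw);
            expected = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
            session.setAttribute(SESSION_KEY, expected);
        }
        // Request scope is where the JSP's ${_csrf} lookup finds the token.
        req.setAttribute("_csrf", new Token(expected));
        // State-changing methods must echo the token back; compare in constant time.
        if (!SAFE.contains(req.getMethod())) {
            String sent = req.getParameter("_csrf");
            byte[] want = expected.getBytes(StandardCharsets.UTF_8);
            if (sent == null || !MessageDigest.isEqual(sent.getBytes(StandardCharsets.UTF_8), want)) {
                res.sendError(HttpServletResponse.SC_FORBIDDEN, "Invalid CSRF token");
                return;
            }
        }
        chain.doFilter(req, res);
    }
}
```

With this filter mapped in front of the JSP, the hidden input from the question renders as `name="_csrf"` with the session's token as its value, and a POST that omits or alters it is rejected with 403.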
