diff options
author | Gonçalo Silva <goncalossilva@gmail.com> | 2011-04-17 17:08:49 +0100 |
---|---|---|
committer | Gonçalo Silva <goncalossilva@gmail.com> | 2011-04-17 17:08:49 +0100 |
commit | 1c2b2233c3a7ec76c0a0eddf5b8be45c489be133 (patch) | |
tree | 56f2b767c3a4f1f14c51606bf2cbb714a98c5f89 /actionpack/lib/action_view/helpers/csrf_helper.rb | |
parent | 8d558cb1b069410c8f693295c9c4e2ffc9661e06 (diff) | |
parent | b6843f22ac42b503f6b8ac00105ca0679049be7d (diff) | |
download | rails-1c2b2233c3a7ec76c0a0eddf5b8be45c489be133.tar.gz rails-1c2b2233c3a7ec76c0a0eddf5b8be45c489be133.tar.bz2 rails-1c2b2233c3a7ec76c0a0eddf5b8be45c489be133.zip |
Merge branch 'master' of https://github.com/rails/rails into performance_test
Diffstat (limited to 'actionpack/lib/action_view/helpers/csrf_helper.rb')
-rw-r--r-- | actionpack/lib/action_view/helpers/csrf_helper.rb | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/actionpack/lib/action_view/helpers/csrf_helper.rb b/actionpack/lib/action_view/helpers/csrf_helper.rb index 65c8debc76..1f2bc28cac 100644 --- a/actionpack/lib/action_view/helpers/csrf_helper.rb +++ b/actionpack/lib/action_view/helpers/csrf_helper.rb @@ -17,10 +17,12 @@ module ActionView # Note that regular forms generate hidden fields, and that Ajax calls are whitelisted, # so they do not use these tags. def csrf_meta_tags - <<-METAS.strip_heredoc.chomp.html_safe if protect_against_forgery? - <meta name="csrf-param" content="#{Rack::Utils.escape_html(request_forgery_protection_token)}"/> - <meta name="csrf-token" content="#{Rack::Utils.escape_html(form_authenticity_token)}"/> - METAS + if protect_against_forgery? + [ + tag('meta', :name => 'csrf-param', :content => request_forgery_protection_token), + tag('meta', :name => 'csrf-token', :content => form_authenticity_token) + ].join("\n").html_safe + end end # For backwards compatibility. |