diff options
| author | James Robinson <robinjam304@hotmail.com> | 2011-04-08 02:18:33 +0200 |
|---|---|---|
| committer | Xavier Noria <fxn@hashref.com> | 2011-04-08 02:21:08 +0200 |
| commit | 2cdc1f0cd5b89722e8c22bb4b26b83bd4619b28a (patch) | |
| tree | 6aab6076239e7421484533207223d7de5b5a34d1 /actionpack/lib/action_view | |
| parent | a7c5d40d80179c19a249bed7a5f808dadf92b54c (diff) | |
| download | rails-2cdc1f0cd5b89722e8c22bb4b26b83bd4619b28a.tar.gz rails-2cdc1f0cd5b89722e8c22bb4b26b83bd4619b28a.tar.bz2 rails-2cdc1f0cd5b89722e8c22bb4b26b83bd4619b28a.zip | |
Make csrf_meta_tags use the tag helper
Improved formatting of csrf_helper and improved test coverage
Diffstat (limited to 'actionpack/lib/action_view')
| -rw-r--r-- | actionpack/lib/action_view/helpers/csrf_helper.rb | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/actionpack/lib/action_view/helpers/csrf_helper.rb b/actionpack/lib/action_view/helpers/csrf_helper.rb index 65c8debc76..1f2bc28cac 100644 --- a/actionpack/lib/action_view/helpers/csrf_helper.rb +++ b/actionpack/lib/action_view/helpers/csrf_helper.rb @@ -17,10 +17,12 @@ module ActionView # Note that regular forms generate hidden fields, and that Ajax calls are whitelisted, # so they do not use these tags. def csrf_meta_tags - <<-METAS.strip_heredoc.chomp.html_safe if protect_against_forgery? - <meta name="csrf-param" content="#{Rack::Utils.escape_html(request_forgery_protection_token)}"/> - <meta name="csrf-token" content="#{Rack::Utils.escape_html(form_authenticity_token)}"/> - METAS + if protect_against_forgery? + [ + tag('meta', :name => 'csrf-param', :content => request_forgery_protection_token), + tag('meta', :name => 'csrf-token', :content => form_authenticity_token) + ].join("\n").html_safe + end end # For backwards compatibility. |