Make csrf_meta_tags use the tag helper

Improved formatting of csrf_helper and improved test coverage
author: James Robinson <robinjam304@hotmail.com> 2011-04-08 02:18:33 +0200
committer: Xavier Noria <fxn@hashref.com> 2011-04-08 02:21:08 +0200
commit: 2cdc1f0cd5b89722e8c22bb4b26b83bd4619b28a (patch)
tree: 6aab6076239e7421484533207223d7de5b5a34d1 /actionpack
parent: a7c5d40d80179c19a249bed7a5f808dadf92b54c (diff)
download: rails-2cdc1f0cd5b89722e8c22bb4b26b83bd4619b28a.tar.gz
rails-2cdc1f0cd5b89722e8c22bb4b26b83bd4619b28a.tar.bz2
rails-2cdc1f0cd5b89722e8c22bb4b26b83bd4619b28a.zip
2 files changed, 9 insertions, 9 deletions
diff --git a/actionpack/lib/action_view/helpers/csrf_helper.rb b/actionpack/lib/action_view/helpers/csrf_helper.rb
index 65c8debc76..1f2bc28cac 100644
--- a/actionpack/lib/action_view/helpers/csrf_helper.rb
+++ b/actionpack/lib/action_view/helpers/csrf_helper.rb
@@ -17,10 +17,12 @@ module ActionView
       # Note that regular forms generate hidden fields, and that Ajax calls are whitelisted,
       # so they do not use these tags.
       def csrf_meta_tags
-        <<-METAS.strip_heredoc.chomp.html_safe if protect_against_forgery?
-          <meta name="csrf-param" content="#{Rack::Utils.escape_html(request_forgery_protection_token)}"/>
-          <meta name="csrf-token" content="#{Rack::Utils.escape_html(form_authenticity_token)}"/>
-        METAS
+        if protect_against_forgery?
+          [
+            tag('meta', :name => 'csrf-param', :content => request_forgery_protection_token),
+            tag('meta', :name => 'csrf-token', :content => form_authenticity_token)
+          ].join("\n").html_safe
+        end
       end
 
       # For backwards compatibility.
diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb
index d520b5e512..31f4bf3a76 100644
--- a/actionpack/test/controller/request_forgery_protection_test.rb
+++ b/actionpack/test/controller/request_forgery_protection_test.rb
@@ -172,13 +172,11 @@ end
 class RequestForgeryProtectionControllerTest < ActionController::TestCase
   include RequestForgeryProtectionTests
 
-  test 'should emit a csrf-token meta tag' do
+  test 'should emit a csrf-param meta tag and a csrf-token meta tag' do
     ActiveSupport::SecureRandom.stubs(:base64).returns(@token + '<=?')
     get :meta
-    assert_equal <<-METAS.strip_heredoc.chomp, @response.body
-      <meta name="csrf-param" content="authenticity_token"/>
-      <meta name="csrf-token" content="cf50faa3fe97702ca1ae&lt;=?"/>
-    METAS
+    assert_select 'meta[name=?][content=?]', 'csrf-param', 'authenticity_token'
+    assert_select 'meta[name=?][content=?]', 'csrf-token', 'cf50faa3fe97702ca1ae&lt;=?'
   end
 end
author	James Robinson <robinjam304@hotmail.com>	2011-04-08 02:18:33 +0200
committer	Xavier Noria <fxn@hashref.com>	2011-04-08 02:21:08 +0200
commit	2cdc1f0cd5b89722e8c22bb4b26b83bd4619b28a (patch)
tree	6aab6076239e7421484533207223d7de5b5a34d1 /actionpack
parent	a7c5d40d80179c19a249bed7a5f808dadf92b54c (diff)
download	rails-2cdc1f0cd5b89722e8c22bb4b26b83bd4619b28a.tar.gz rails-2cdc1f0cd5b89722e8c22bb4b26b83bd4619b28a.tar.bz2 rails-2cdc1f0cd5b89722e8c22bb4b26b83bd4619b28a.zip