path: root/guides/source/action_view_overview.md
author: Aaron Patterson <aaron.patterson@gmail.com> 2014-03-13 11:18:01 -0700
committer: Aaron Patterson <aaron.patterson@gmail.com> 2014-03-13 11:18:01 -0700
commit: 66e032117fa5c6953a7b1d791dcdc1ee029e4cef (patch)
tree: a6917f6738455335e040b8e724d66919418e191d /guides/source/action_view_overview.md
parent: 37ca1b43af423e61d9b0e8e134c3c126ed754316 (diff)
parent: e88da370f190cabd1e9750c5b3531735950ab415 (diff)
Merge branch 'master' into adequaterecord
* master: (108 commits) make tests pass on Ruby 2.2 Use Sqlite3 adapter in examples use the body proxy to freeze headers just ask the response for the commit status, we do not need to ask the jar only write the jar if the response isn't committed Fix a grammatical error in the i18n guide [ci skip] use method_defined? to check whether or not a method is defined Enhance docs for update_attribute [ci-skip] Change usec to 0 on tests that compare seconds Unit test for mysql quote time usec Changelog entry for mysql56 microseconds Test microsecond on mysql 5.6 MySQL 5.6 and later supports microsecond precision in datetime. [ci skip] Add documentation for original_fullpath. Remove mocking on save, when not necessary comment why we are modifying global state. [ci skip] `change_table` supports `citext`. Follow up to #12523. Removed unnecessary command "application" register OID for PostgreSQL citex datatype [Troy Kruthoff & Lachlan Sylvester] Fixes STI when 2+ levels deep. ...
Diffstat (limited to 'guides/source/action_view_overview.md')
-rw-r--r-- guides/source/action_view_overview.md 17
1 files changed, 14 insertions, 3 deletions
diff --git a/guides/source/action_view_overview.md b/guides/source/action_view_overview.md
index 6a355a5177..74f95bfcfd 100644
--- a/guides/source/action_view_overview.md
+++ b/guides/source/action_view_overview.md
@@ -1550,7 +1550,7 @@ end
Sanitizes a block of CSS code.
-#### strip_links(html)
+#### strip_links(html)
Strips all link tags from text leaving just the link text.
```ruby
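Review bot: The removed and added `#### strip_links(html)` heading lines read identically as displayed, so this appears to be a whitespace-only change, most likely trailing whitespace. Nothing in the hunk shows a reader what changed, so it is worth confirming the edit is intentional cleanup and not an accidental editor artifact.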
@@ -1568,9 +1568,9 @@ strip_links('Blog: <a href="http://myblog.com/">Visit</a>.')
# => Blog: Visit.
```
-#### strip_tags(html)
+#### strip_tags(html)
-Strips all HTML tags from the html, including comments.
+Strips all HTML tags from the html, including comments.
This uses the html-scanner tokenizer and so its HTML parsing ability is limited by that of html-scanner.
```ruby
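Review bot: While the `strip_tags(html)` description is being touched, the caveat that currently sits after the example ("NB: The output may still contain unescaped '<', '>', '&' characters and confuse browsers.") would be better placed directly under "Strips all HTML tags from the html, including comments." A reader who stops at the description and the html-scanner sentence can come away assuming the result is safe to emit into a page as-is, which is the assumption the NB line exists to correct.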
@@ -1585,6 +1585,17 @@ strip_tags("<b>Bold</b> no more! <a href='more.html'>See more</a>")
NB: The output may still contain unescaped '<', '>', '&' characters and confuse browsers.
+### CsrfHelper
+
+Returns meta tags "csrf-param" and "csrf-token" with the name of the cross-site
+request forgery protection parameter and token, respectively.
+
+```html
+<%= csrf_meta_tags %>
+```
+
+NOTE: Regular forms generate hidden fields so they do not use these tags. More
+details can be found in the [Rails Security Guide](security.html#cross-site-request-forgery-csrf).
Localized Views
---------------
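Review bot: The text under `### CsrfHelper` ("Returns meta tags "csrf-param" and "csrf-token" ...") documents a single method, not the helper module, and the neighbouring sections give each method its own heading (`#### strip_links(html)`, `#### strip_tags(html)`). Add a `#### csrf_meta_tags` heading above the description so the section matches that layout. The example fence is tagged `html` but contains an ERB expression (`<%= csrf_meta_tags %>`); tag it as ERB, or show the rendered meta tags next to it so the reader sees what "csrf-param" and "csrf-token" look like in the page. The NOTE says regular forms do not use these tags but never says what does; one sentence naming the consumer would make the purpose of the helper clear without sending the reader to the Security Guide.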