aboutsummaryrefslogtreecommitdiffstats
path: root/guides
diff options
context:
space:
mode:
authorYves Senn <yves.senn@gmail.com>2014-03-08 13:41:38 +0100
committerYves Senn <yves.senn@gmail.com>2014-03-08 13:41:38 +0100
commit2883cb97663ec4cc41932d4e8d0878af96262372 (patch)
tree73e3466991fb92fb896f5b4002dac3f29cf996aa /guides
parent62e8145430e0a327fa14975b84b9079cedf60863 (diff)
downloadrails-2883cb97663ec4cc41932d4e8d0878af96262372.tar.gz
rails-2883cb97663ec4cc41932d4e8d0878af96262372.tar.bz2
rails-2883cb97663ec4cc41932d4e8d0878af96262372.zip
added CSRF helper to rails guide documentation. Closes #11615. [ci skip]
Diffstat (limited to 'guides')
-rw-r--r--guides/source/action_view_overview.md22
1 files changed, 19 insertions, 3 deletions
diff --git a/guides/source/action_view_overview.md b/guides/source/action_view_overview.md
index 6a355a5177..f31bc4552c 100644
--- a/guides/source/action_view_overview.md
+++ b/guides/source/action_view_overview.md
@@ -1550,7 +1550,7 @@ end
Sanitizes a block of CSS code.
-#### strip_links(html)
+#### strip_links(html)
Strips all link tags from text leaving just the link text.
```ruby
@@ -1568,9 +1568,9 @@ strip_links('Blog: <a href="http://myblog.com/">Visit</a>.')
# => Blog: Visit.
```
-#### strip_tags(html)
+#### strip_tags(html)
-Strips all HTML tags from the html, including comments.
+Strips all HTML tags from the html, including comments.
This uses the html-scanner tokenizer and so its HTML parsing ability is limited by that of html-scanner.
```ruby
@@ -1585,6 +1585,22 @@ strip_tags("<b>Bold</b> no more! <a href='more.html'>See more</a>")
NB: The output may still contain unescaped '<', '>', '&' characters and confuse browsers.
+### CsrfHelper
+
+Returns meta tags "csrf-param" and "csrf-token" with the name of the cross-site
+request forgery protection parameter and token, respectively.
+
+```html
+ <%= csrf_meta_tags %>
+```
+
+These are used to generate the dynamic forms that implement non-remote links
+with `:method`.
+
+Note that regular forms generate hidden fields, and that Ajax calls are
+whitelisted, so they do not use these tags.
+
+More details can be found in the [Rails Security Guide](security.html).
Localized Views
---------------