author: Frederick Cheung <frederick.cheung@gmail.com> 2009-01-24 15:18:44 +0000
committer: Frederick Cheung <frederick.cheung@gmail.com> 2009-01-24 15:18:44 +0000
commit: 0aef4994515bafc1607db7b8d2d0d015a5aeea15
tree: f34384061f8224f7ae9d12650d951dd8786dba87 /railties/doc/guides
parent: d40ed8e99ece7a657a2a019a9854f1ee415d0189
when mentioning csrf link to the security guide
Diffstat (limited to 'railties/doc/guides')
-rw-r--r-- railties/doc/guides/source/form_helpers.txt 8
1 files changed, 4 insertions, 4 deletions
diff --git a/railties/doc/guides/source/form_helpers.txt b/railties/doc/guides/source/form_helpers.txt
index df7a7e165f..71393fe603 100644
--- a/railties/doc/guides/source/form_helpers.txt
+++ b/railties/doc/guides/source/form_helpers.txt
@@ -26,7 +26,7 @@ The most basic form helper is `form_tag`.
<% end %>
----------------------------------------------------------------------------
-When called without arguments like this, it creates a form element that has the current page for action attribute and "post" as method (some line breaks added for readability):
+When called without arguments like this, it creates a form element that has the current page as its action and "post" as its method (some line breaks added for readability):
.Sample output from `form_tag`
----------------------------------------------------------------------------
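Review bot: The rewording to "as its action and "post" as its method" in this hunk is a copy edit unrelated to the commit subject, which only mentions linking to the security guide where CSRF comes up. Either mention the wording cleanup in the commit message or split it into its own commit, so the log describes everything that changed in form_helpers.txt.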
@@ -38,12 +38,12 @@ When called without arguments like this, it creates a form element that has the
</form>
----------------------------------------------------------------------------
-If you carefully observe this output, you can see that the helper generated something you didn't specify: a `div` element with a hidden input inside. This is a security feature of Rails called *cross-site request forgery protection* and form helpers generate it for every form whose action is not "get" (provided that this security feature is enabled).
+If you carefully observe this output, you can see that the helper generated something you didn't specify: a `div` element with a hidden input inside. This is a security feature of Rails called *cross-site request forgery protection* and form helpers generate it for every form whose action is not "get" (provided that this security feature is enabled). You can read more about this in the link:./security.html#_cross_site_reference_forgery_csrf[Ruby On Rails Security Guide].
NOTE: Throughout this guide, this `div` with the hidden input will be stripped away to have clearer code samples.
-Generic search form
-~~~~~~~~~~~~~~~~~~~
+A Generic search form
+~~~~~~~~~~~~~~~~~~~~~
Probably the most minimal form often seen on the web is a search form with a single text input for search terms. This form consists of:
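Review bot: The sentence that gains the link still says the hidden input is generated for every form whose action is not "get"; the first hunk uses "action" for the target page and "method" for "post", so this should read whose method is not "get", otherwise the guide misstates when the token is emitted. The fragment `#_cross_site_reference_forgery_csrf` also says "reference forgery" while the prose names the feature cross-site request forgery protection; please confirm the fragment matches the heading id generated in security.html, since a fragment that does not match leaves the reader at the top of the guide instead of the CSRF section. Minor: the new heading "A Generic search form" mixes capitalisation.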