2 files changed, 11 insertions, 2 deletions

diff --git a/actionpack/lib/action_view/helpers/prototype_helper.rb b/actionpack/lib/action_view/helpers/prototype_helper.rb
index d9c980cd0d..6f5acac137 100644
--- a/actionpack/lib/action_view/helpers/prototype_helper.rb
+++ b/actionpack/lib/action_view/helpers/prototype_helper.rb
@@ -1019,7 +1019,7 @@ module ActionView
           js_options['parameters'] = options[:with]
         end
         
-        if protect_against_forgery?
+        if protect_against_forgery? && !options[:form]
           if js_options['parameters']
             js_options['parameters'] << " + '&"
           else
@@ -1204,7 +1204,7 @@ module ActionView
         append_enumerable_function!("zip(#{arguments_for_call arguments}")
         if block
           function_chain[-1] += ", function(array) {"
-          yield ::ActiveSupport::JSON::Variable.new('array')
+          yield ActiveSupport::JSON::Variable.new('array')
           add_return_statement!
           @generator << '});'
         else
diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb
index 4fcdc7ed4a..d0c3c6e224 100644
--- a/actionpack/test/controller/request_forgery_protection_test.rb
+++ b/actionpack/test/controller/request_forgery_protection_test.rb
@@ -22,6 +22,10 @@ module RequestForgeryProtectionActions
     render :inline => "<%= button_to('New', '/') {} %>"
   end
   
+  def remote_form
+    render :inline => "<% form_remote_tag(:url => '/') {} %>"
+  end
+
   def unsafe
     render :text => 'pwn'
   end
@@ -75,6 +79,11 @@ module RequestForgeryProtectionTests
     assert_select 'form>div>input[name=?][value=?]', 'authenticity_token', @token
   end
 
+  def test_should_render_remote_form_with_only_one_token_parameter
+    get :remote_form
+    assert_equal 1, @response.body.scan(@token).size
+  end
+
   def test_should_allow_get
     get :index
     assert_response :success