From 2cdc1f0cd5b89722e8c22bb4b26b83bd4619b28a Mon Sep 17 00:00:00 2001
From: James Robinson <robinjam304@hotmail.com>
Date: Fri, 8 Apr 2011 02:18:33 +0200
Subject: Make csrf_meta_tags use the tag helper

Improved formatting of csrf_helper and improved test coverage
---
 actionpack/lib/action_view/helpers/csrf_helper.rb | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

(limited to 'actionpack/lib/action_view')

diff --git a/actionpack/lib/action_view/helpers/csrf_helper.rb b/actionpack/lib/action_view/helpers/csrf_helper.rb
index 65c8debc76..1f2bc28cac 100644
--- a/actionpack/lib/action_view/helpers/csrf_helper.rb
+++ b/actionpack/lib/action_view/helpers/csrf_helper.rb
@@ -17,10 +17,12 @@ module ActionView
       # Note that regular forms generate hidden fields, and that Ajax calls are whitelisted,
       # so they do not use these tags.
       def csrf_meta_tags
-        <<-METAS.strip_heredoc.chomp.html_safe if protect_against_forgery?
-          <meta name="csrf-param" content="#{Rack::Utils.escape_html(request_forgery_protection_token)}"/>
-          <meta name="csrf-token" content="#{Rack::Utils.escape_html(form_authenticity_token)}"/>
-        METAS
+        if protect_against_forgery?
+          [
+            tag('meta', :name => 'csrf-param', :content => request_forgery_protection_token),
+            tag('meta', :name => 'csrf-token', :content => form_authenticity_token)
+          ].join("\n").html_safe
+        end
       end
 
       # For backwards compatibility.
-- 
cgit v1.2.3