From 2883cb97663ec4cc41932d4e8d0878af96262372 Mon Sep 17 00:00:00 2001 From: Yves Senn Date: Sat, 8 Mar 2014 13:41:38 +0100 Subject: added CSRF helper to rails guide documentation. Closes #11615. [ci skip] --- guides/source/action_view_overview.md | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) (limited to 'guides/source/action_view_overview.md') diff --git a/guides/source/action_view_overview.md b/guides/source/action_view_overview.md index 6a355a5177..f31bc4552c 100644 --- a/guides/source/action_view_overview.md +++ b/guides/source/action_view_overview.md @@ -1550,7 +1550,7 @@ end Sanitizes a block of CSS code. -#### strip_links(html) +#### strip_links(html) Strips all link tags from text leaving just the link text. ```ruby @@ -1568,9 +1568,9 @@ strip_links('Blog: Visit.') # => Blog: Visit. ``` -#### strip_tags(html) +#### strip_tags(html) -Strips all HTML tags from the html, including comments. +Strips all HTML tags from the html, including comments. This uses the html-scanner tokenizer and so its HTML parsing ability is limited by that of html-scanner. ```ruby @@ -1585,6 +1585,22 @@ strip_tags("Bold no more! See more") NB: The output may still contain unescaped '<', '>', '&' characters and confuse browsers. +### CsrfHelper + +Returns meta tags "csrf-param" and "csrf-token" with the name of the cross-site +request forgery protection parameter and token, respectively. + +```html + <%= csrf_meta_tags %> +``` + +These are used to generate the dynamic forms that implement non-remote links +with `:method`. + +Note that regular forms generate hidden fields, and that Ajax calls are +whitelisted, so they do not use these tags. + +More details can be found in the [Rails Security Guide](security.html). Localized Views --------------- -- cgit v1.2.3 From dc8bfc8ab62c3e3a776297226ef43027bc7d09c1 Mon Sep 17 00:00:00 2001 From: Yves Senn Date: Sat, 8 Mar 2014 15:46:43 +0100 Subject: docs, shorten CsrfHelper description and refer to security guide. [ci skip] --- guides/source/action_view_overview.md | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) (limited to 'guides/source/action_view_overview.md') diff --git a/guides/source/action_view_overview.md b/guides/source/action_view_overview.md index f31bc4552c..74f95bfcfd 100644 --- a/guides/source/action_view_overview.md +++ b/guides/source/action_view_overview.md @@ -1591,16 +1591,11 @@ Returns meta tags "csrf-param" and "csrf-token" with the name of the cross-site request forgery protection parameter and token, respectively. ```html - <%= csrf_meta_tags %> +<%= csrf_meta_tags %> ``` -These are used to generate the dynamic forms that implement non-remote links -with `:method`. - -Note that regular forms generate hidden fields, and that Ajax calls are -whitelisted, so they do not use these tags. - -More details can be found in the [Rails Security Guide](security.html). +NOTE: Regular forms generate hidden fields so they do not use these tags. More +details can be found in the [Rails Security Guide](security.html#cross-site-request-forgery-csrf). Localized Views --------------- -- cgit v1.2.3