Class: Egalite::CSRFTemplate

Inherits:
HTMLTemplate
Defined in:
lib/egalite/template.rb

Constant Summary

RE_FORM =
/<form\s+([^>]+?)>(?!\s*<input type='hidden' name='csrf')/im

Constants inherited from HTMLTemplate

HTMLTemplate::RE_A, HTMLTemplate::RE_ENDNEST, HTMLTemplate::RE_INCLUDE, HTMLTemplate::RE_INPUT, HTMLTemplate::RE_NEST, HTMLTemplate::RE_PARENT, HTMLTemplate::RE_PLACE, HTMLTemplate::RE_SELECT, HTMLTemplate::RE_YIELD

Instance Attribute Summary

Attributes inherited from HTMLTemplate

#controller, #default_escape

Instance Method Summary

Methods inherited from HTMLTemplate

#escapeHTML, #handleTemplate, #initialize

Constructor Details

This class inherits a constructor from Egalite::HTMLTemplate

Instance Method Details

#form_tag(html, params) ⇒ Object



# File 'lib/egalite/template.rb', line 269

# Rewrites every <form ...> opening tag in +html+ in place. A hidden CSRF
# token field is appended to forms whose method attribute is POST, and a tag
# without an action attribute gets one built by the controller from the
# attributes that attr_colon returns first.
#
# RE_FORM does not match a tag that is already followed by a hidden csrf
# input, so running this twice does not add a second field.
#
# @param html [String] template text; modified by gsub!
# @param params [Hash] presumably the request parameters; only
#   params["csrf"] is read here
# @return [String, nil] html, or nil when gsub! made no substitution
#
# NOTE(review), CSRF coverage:
# - Only tags with method=POST (case-insensitive) get the field. A form with
#   any other or no method attribute is left without a token.
# - A truthy ":nocsrf" attribute switches the field off for that form, so
#   templates using it deserve an audit. The key is removed from the parsed
#   attributes only; when the tag is emitted unchanged (action present, or no
#   routed attributes) the marker text stays in the output unless something
#   outside this method strips it.
# - Nothing here looks at where the action points. A POST form aimed at
#   another origin would carry the token there. Confirm templates never do
#   that, or opt such forms out.
# - The field is emitted even when params["csrf"] is nil. The resulting value
#   depends on escapeHTML, so the server-side check must reject a missing or
#   empty token.
def form_tag(html,params)
  html.gsub!(RE_FORM) do |matched_tag|
    # Read the capture before anything else: the =~ below replaces the
    # match data it comes from.
    tag_attrs = parse_tag_attributes(Regexp.last_match(1))

    token_field =
      if tag_attrs[":nocsrf"]
        tag_attrs.delete(":nocsrf")
        nil
      elsif tag_attrs["method"] =~ /\APOST\Z/i
        "<input type='hidden' name='csrf' value='#{escapeHTML(params["csrf"])}'/>"
      end

    opening_tag = matched_tag
    if !tag_attrs['action'] && @controller
      route_attrs, plain_attrs = attr_colon(tag_attrs)
      unless route_attrs.empty?
        target = @controller.url_for(StringifyHash.create(route_attrs))
        # NOTE(review): target goes into a single-quoted attribute without
        # escapeHTML, unlike the token value above. This is safe only if
        # url_for already returns attribute-safe text; confirm.
        opening_tag = "<form action='#{target}' #{plain_attrs}>"
      end
    end

    "#{opening_tag}#{token_field}"
  end
end