class Egalite::CSRFTemplate
Constants
- RE_FORM
Public Instance Methods
form_tag(html,params)
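# File lib/egalite/template.rb, line 269
#
# Rewrites, in place, every form start tag in +html+ that RE_FORM matches.
#
# For each matched tag:
# * a hidden "csrf" input holding params["csrf"] is appended when the tag's
#   method attribute is exactly POST (case-insensitive) and the tag carries no
#   ":nocsrf" attribute;
# * when the tag has no action attribute and @controller is set, the
#   attributes returned by attr_colon are turned into an action URL through
#   @controller.url_for and the tag is re-emitted with that action.
#
# Security notes:
# * The token is added to every POST form that lacks ":nocsrf". A form that
#   posts to another origin should carry ":nocsrf", otherwise the token is
#   submitted to that origin.
# * A tag that is not rebuilt is emitted exactly as it appeared in the
#   template, including a ":nocsrf" attribute if it had one.
#
# html   - String of markup; mutated through String#gsub!.
# params - object answering ["csrf"] with the current token.
#
# Returns html, or nil when RE_FORM matched nothing (String#gsub! semantics).
def form_tag(html, params)
  html.gsub!(RE_FORM) do |tag|
    attrs = parse_tag_attributes(Regexp.last_match(1))
    formtag = tag
    csrf = nil

    if attrs[":nocsrf"]
      # Explicit opt-out: drop the marker so it is not handed to attr_colon
      # and url_for below.
      attrs.delete(":nocsrf")
    elsif attrs["method"] =~ /\APOST\z/i
      # \z rather than \Z: \Z also accepts a value ending in a newline, which
      # a browser does not treat as POST. Such a form would submit as GET and
      # carry the token in the URL.
      #
      # NOTE(review): params["csrf"] reaches escapeHTML without a nil check.
      # Confirm the caller always supplies a token; what happens otherwise
      # depends on escapeHTML, which is defined outside this method.
      token = params["csrf"]
      csrf = "<input type='hidden' name='csrf' value='#{escapeHTML(token)}'/>"
    end

    if !attrs['action'] && @controller
      colons, noncolons = attr_colon(attrs)
      unless colons.empty?
        link = @controller.url_for(StringifyHash.create(colons))
        # NOTE(review): link and noncolons are interpolated as-is into the
        # tag. Confirm url_for and attr_colon return attribute-safe text;
        # escaping here could double-escape if they already do.
        formtag = "<form action='#{link}' #{noncolons}>"
      end
    end

    "#{formtag}#{csrf}"
  end
end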