class Egalite::CSRFTemplate

Constants

RE_FORM

Public Instance Methods

form_tag(html,params)
# File lib/egalite/template.rb, line 269
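# Rewrites every form tag matched by RE_FORM inside +html+, in place.
#
# For each matched tag:
# * a tag carrying the ":nocsrf" attribute gets no token;
# * otherwise a tag whose method attribute is exactly "POST" (any letter
#   case) gets a hidden "csrf" input appended directly after it, carrying
#   the HTML-escaped value of params["csrf"];
# * when the tag has no action attribute and @controller is set, the
#   attributes split off by attr_colon are passed to @controller.url_for
#   and the opening tag is rebuilt around the resulting link.
#
# @param html [String] markup to rewrite; mutated through String#gsub!
# @param params [#[]] request parameters; only the "csrf" key is read
# @return [String, nil] the result of String#gsub!: +html+ when at least one
#   tag matched, nil when nothing matched
def form_tag(html,params)
  html.gsub!(RE_FORM) do |tag|
    # Read the capture first; later regexp matches replace the match data.
    attrs = parse_tag_attributes(Regexp.last_match(1))
    formtag = tag
    csrf = nil

    if attrs[":nocsrf"]
      # Explicit opt-out. The marker is dropped from attrs so it cannot reach
      # attr_colon below.
      # NOTE(review): when the tag is not rebuilt below, the original tag text
      # (still containing ":nocsrf") is emitted unchanged -- confirm intended.
      attrs.delete(":nocsrf")
    elsif attrs["method"] =~ /\APOST\z/i
      # \z rather than \Z: \Z also accepts a trailing newline, which would
      # put a token into a form whose method value is not exactly "post".
      # Browsers are expected to submit such a form as GET, which would carry
      # the token in the URL.
      # NOTE(review): params["csrf"] is not checked for nil here; whether
      # escapeHTML tolerates nil is not visible in this method -- confirm, so
      # that a missing token cannot render as an empty value.
      token = params["csrf"]
      csrf = "<input type='hidden' name='csrf' value='#{escapeHTML(token)}'/>"
    end

    if !attrs['action'] && @controller
      colons, noncolons = attr_colon(attrs)
      unless colons.empty?
        link = @controller.url_for(StringifyHash.create(colons))
        # NOTE(review): link and noncolons are interpolated into the tag
        # without escaping in this method -- confirm that url_for and
        # attr_colon return text that is safe inside a quoted attribute.
        formtag = "<form action='#{link}' #{noncolons}>"
      end
    end

    "#{formtag}#{csrf}"
  end
end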