mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
Remove wrapping div with inline styles for hidden form fields.
We are dropping HTML 4.01 and XHTML strict compliance since input tags directly inside a form are valid HTML5, and the absense of inline styles help in validating for Content Security Policy.
This commit is contained in:
parent
4baa866e35
commit
89ff1f82f0
5 changed files with 30 additions and 15 deletions
|
@ -1,3 +1,11 @@
|
|||
* Remove wrapping div with inline styles for hidden form fields.
|
||||
|
||||
We are dropping HTML 4.01 and XHTML strict compliance since input tags directly
|
||||
inside a form are valid HTML5, and the absense of inline styles help in validating
|
||||
for Content Security Policy.
|
||||
|
||||
*Joost Baaij*
|
||||
|
||||
* `date_select` helper with option `with_css_classes: true` does not overwrite other classes.
|
||||
|
||||
*Izumi Wong-Horiuchi*
|
||||
|
|
|
@ -726,9 +726,11 @@ module ActionView
|
|||
method_tag(method) + token_tag(authenticity_token)
|
||||
end
|
||||
|
||||
enforce_utf8 = html_options.delete("enforce_utf8") { true }
|
||||
tags = (enforce_utf8 ? utf8_enforcer_tag : ''.html_safe) << method_tag
|
||||
content_tag(:div, tags, :style => 'display:none')
|
||||
if html_options.delete("enforce_utf8") { true }
|
||||
utf8_enforcer_tag + method_tag
|
||||
else
|
||||
method_tag
|
||||
end
|
||||
end
|
||||
|
||||
def form_tag_html(html_options)
|
||||
|
|
|
@ -59,12 +59,13 @@ class FormHelperActiveRecordTest < ActionView::TestCase
|
|||
protected
|
||||
|
||||
def hidden_fields(method = nil)
|
||||
txt = %{<div style="display:none">}
|
||||
txt << %{<input name="utf8" type="hidden" value="✓" />}
|
||||
txt = %{<input name="utf8" type="hidden" value="✓" />}
|
||||
|
||||
if method && !%w(get post).include?(method.to_s)
|
||||
txt << %{<input name="_method" type="hidden" value="#{method}" />}
|
||||
end
|
||||
txt << %{</div>}
|
||||
|
||||
txt
|
||||
end
|
||||
|
||||
def form_text(action = "/", id = nil, html_class = nil, remote = nil, multipart = nil, method = nil)
|
||||
|
@ -88,4 +89,4 @@ class FormHelperActiveRecordTest < ActionView::TestCase
|
|||
|
||||
form_text(action, id, html_class, remote, multipart, method) + hidden_fields(method) + contents + "</form>"
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -3020,12 +3020,13 @@ class FormHelperTest < ActionView::TestCase
|
|||
protected
|
||||
|
||||
def hidden_fields(method = nil)
|
||||
txt = %{<div style="display:none">}
|
||||
txt << %{<input name="utf8" type="hidden" value="✓" />}
|
||||
txt = %{<input name="utf8" type="hidden" value="✓" />}
|
||||
|
||||
if method && !%w(get post).include?(method.to_s)
|
||||
txt << %{<input name="_method" type="hidden" value="#{method}" />}
|
||||
end
|
||||
txt << %{</div>}
|
||||
|
||||
txt
|
||||
end
|
||||
|
||||
def form_text(action = "/", id = nil, html_class = nil, remote = nil, multipart = nil, method = nil)
|
||||
|
|
|
@ -14,12 +14,15 @@ class FormTagHelperTest < ActionView::TestCase
|
|||
method = options[:method]
|
||||
enforce_utf8 = options.fetch(:enforce_utf8, true)
|
||||
|
||||
txt = %{<div style="display:none">}
|
||||
txt << %{<input name="utf8" type="hidden" value="✓" />} if enforce_utf8
|
||||
if method && !%w(get post).include?(method.to_s)
|
||||
txt << %{<input name="_method" type="hidden" value="#{method}" />}
|
||||
''.tap do |txt|
|
||||
if enforce_utf8
|
||||
txt << %{<input name="utf8" type="hidden" value="✓" />}
|
||||
end
|
||||
|
||||
if method && !%w(get post).include?(method.to_s)
|
||||
txt << %{<input name="_method" type="hidden" value="#{method}" />}
|
||||
end
|
||||
end
|
||||
txt << %{</div>}
|
||||
end
|
||||
|
||||
def form_text(action = "http://www.example.com", options = {})
|
||||
|
|
Loading…
Reference in a new issue