1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00

Remove wrapping div with inline styles for hidden form fields.

We are dropping HTML 4.01 and XHTML strict compliance since input
tags directly inside a form are valid HTML5, and the absense of
inline styles help in validating for Content Security Policy.
This commit is contained in:
Joost Baaij 2014-04-14 00:38:46 +02:00
parent 4baa866e35
commit 89ff1f82f0
5 changed files with 30 additions and 15 deletions

View file

@ -1,3 +1,11 @@
* Remove wrapping div with inline styles for hidden form fields.
We are dropping HTML 4.01 and XHTML strict compliance since input tags directly
inside a form are valid HTML5, and the absense of inline styles help in validating
for Content Security Policy.
*Joost Baaij*
* `date_select` helper with option `with_css_classes: true` does not overwrite other classes.
*Izumi Wong-Horiuchi*

View file

@ -726,9 +726,11 @@ module ActionView
method_tag(method) + token_tag(authenticity_token)
end
enforce_utf8 = html_options.delete("enforce_utf8") { true }
tags = (enforce_utf8 ? utf8_enforcer_tag : ''.html_safe) << method_tag
content_tag(:div, tags, :style => 'display:none')
if html_options.delete("enforce_utf8") { true }
utf8_enforcer_tag + method_tag
else
method_tag
end
end
def form_tag_html(html_options)

View file

@ -59,12 +59,13 @@ class FormHelperActiveRecordTest < ActionView::TestCase
protected
def hidden_fields(method = nil)
txt = %{<div style="display:none">}
txt << %{<input name="utf8" type="hidden" value="&#x2713;" />}
txt = %{<input name="utf8" type="hidden" value="&#x2713;" />}
if method && !%w(get post).include?(method.to_s)
txt << %{<input name="_method" type="hidden" value="#{method}" />}
end
txt << %{</div>}
txt
end
def form_text(action = "/", id = nil, html_class = nil, remote = nil, multipart = nil, method = nil)
@ -88,4 +89,4 @@ class FormHelperActiveRecordTest < ActionView::TestCase
form_text(action, id, html_class, remote, multipart, method) + hidden_fields(method) + contents + "</form>"
end
end
end

View file

@ -3020,12 +3020,13 @@ class FormHelperTest < ActionView::TestCase
protected
def hidden_fields(method = nil)
txt = %{<div style="display:none">}
txt << %{<input name="utf8" type="hidden" value="&#x2713;" />}
txt = %{<input name="utf8" type="hidden" value="&#x2713;" />}
if method && !%w(get post).include?(method.to_s)
txt << %{<input name="_method" type="hidden" value="#{method}" />}
end
txt << %{</div>}
txt
end
def form_text(action = "/", id = nil, html_class = nil, remote = nil, multipart = nil, method = nil)

View file

@ -14,12 +14,15 @@ class FormTagHelperTest < ActionView::TestCase
method = options[:method]
enforce_utf8 = options.fetch(:enforce_utf8, true)
txt = %{<div style="display:none">}
txt << %{<input name="utf8" type="hidden" value="&#x2713;" />} if enforce_utf8
if method && !%w(get post).include?(method.to_s)
txt << %{<input name="_method" type="hidden" value="#{method}" />}
''.tap do |txt|
if enforce_utf8
txt << %{<input name="utf8" type="hidden" value="&#x2713;" />}
end
if method && !%w(get post).include?(method.to_s)
txt << %{<input name="_method" type="hidden" value="#{method}" />}
end
end
txt << %{</div>}
end
def form_text(action = "http://www.example.com", options = {})