Ticket #10055: in_place_editing_should_work_with_csrf_and_rjs.patch
| File in_place_editing_should_work_with_csrf_and_rjs.patch, 3.7 kB (added by moses, 7 months ago) |
|---|
-
test/in_place_editing_test.rb
old new 20 20 end 21 21 end 22 22 @controller = @controller.new 23 @protect_against_forgery = false 23 24 end 24 25 26 def protect_against_forgery? 27 @protect_against_forgery 28 end 29 25 30 def test_in_place_editor_external_control 26 31 assert_dom_equal %(<script type=\"text/javascript\">\n//<![CDATA[\nnew Ajax.InPlaceEditor('some_input', 'http://www.example.com/inplace_edit', {externalControl:'blah'})\n//]]>\n</script>), 27 32 in_place_editor('some_input', {:url => {:action => 'inplace_edit'}, :external_control => 'blah'}) … … 59 64 :load_text_url => { :action => "action_to_get_value" }) 60 65 end 61 66 62 def test_in_place_editor_ eval_scripts63 assert_match "Ajax.InPlaceEditor('id-goes-here', 'http://www.example.com/action_to_set_value', { evalScripts:true})",67 def test_in_place_editor_html_response 68 assert_match "Ajax.InPlaceEditor('id-goes-here', 'http://www.example.com/action_to_set_value', {htmlResponse:false})", 64 69 in_place_editor( 'id-goes-here', 65 70 :url => { :action => "action_to_set_value" }, 66 71 :script => true ) 67 72 end 68 73 74 def form_authenticity_token 75 "authenticity token" 76 end 77 78 def test_in_place_editor_with_forgery_protection 79 @protect_against_forgery = true 80 assert_match "Ajax.InPlaceEditor('id-goes-here', 'http://www.example.com/action_to_set_value', {callback:function(form) { return Form.serialize(form) + '&authenticity_token=' + encodeURIComponent('authenticity token') }})", 81 in_place_editor( 'id-goes-here', :url => { :action => "action_to_set_value" }) 82 end 83 84 def test_in_place_editor_text_between_controls 85 assert_match "Ajax.InPlaceEditor('id-goes-here', 'http://www.example.com/action_to_set_value', {textBetweenControls:'or'})", 86 in_place_editor( 'id-goes-here', 87 :url => { :action => "action_to_set_value" }, 88 :text_between_controls => "or" ) 89 end 69 90 end -
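Review bot: `test_in_place_editor_with_forgery_protection` only exercises the default callback, so the branch where the caller already passes `:with` and the token is appended to it is never checked. A second test that passes a custom `:with` would pin that the token is appended to the caller's expression instead of replacing it. A negative assertion with forgery protection off, checking that no `authenticity_token` appears in the output, would also guard against the token being emitted unconditionally. The `'&extra=1'` parameter in the sketch below is a constructed sample value.

```ruby
def test_in_place_editor_with_forgery_protection_and_custom_with
  @protect_against_forgery = true
  assert_match "{callback:function(form) { return Form.serialize(form) + '&extra=1' + '&authenticity_token=' + encodeURIComponent('authenticity token') }}",
    in_place_editor('id-goes-here',
      :url => { :action => "action_to_set_value" },
      :with => "Form.serialize(form) + '&extra=1'")
end
```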
lib/in_place_macros_helper.rb
old new 40 40 function << "'#{url_for(options[:url])}'" 41 41 42 42 js_options = {} 43 44 if protect_against_forgery? 45 options[:with] ||= "Form.serialize(form)" 46 options[:with] += " + '&authenticity_token=' + encodeURIComponent('#{form_authenticity_token}')" 47 end 48 43 49 js_options['cancelText'] = %('#{options[:cancel_text]}') if options[:cancel_text] 44 50 js_options['okText'] = %('#{options[:save_text]}') if options[:save_text] 45 51 js_options['loadingText'] = %('#{options[:loading_text]}') if options[:loading_text] … … 50 56 js_options['externalControl'] = "'#{options[:external_control]}'" if options[:external_control] 51 57 js_options['loadTextURL'] = "'#{url_for(options[:load_text_url])}'" if options[:load_text_url] 52 58 js_options['ajaxOptions'] = options[:options] if options[:options] 53 js_options[' evalScripts'] =options[:script] if options[:script]59 js_options['htmlResponse'] = !options[:script] if options[:script] 54 60 js_options['callback'] = "function(form) { return #{options[:with]} }" if options[:with] 55 61 js_options['clickToEditText'] = %('#{options[:click_to_edit_text]}') if options[:click_to_edit_text] 62 js_options['textBetweenControls'] = %('#{options[:text_between_controls]}') if options[:text_between_controls] 56 63 function << (', ' + options_for_javascript(js_options)) unless js_options.empty? 57 64 58 65 function << ')'
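Review bot: The forgery-protection branch writes back into the caller's hash (`options[:with] ||= ...` followed by `options[:with] += ...`), so an options hash reused for several `in_place_editor` calls would have the `authenticity_token` suffix appended once per call. Building the callback in a local avoids this: `with = options[:with] || "Form.serialize(form)"`, then `with += " + '&authenticity_token=' + encodeURIComponent('#{escape_javascript(form_authenticity_token)}')"`, and `js_options['callback']` built from `with`. The token is also interpolated into a single-quoted JavaScript literal without escaping; this is presumably harmless for the usual token alphabet, but `escape_javascript` removes that assumption. The new `textBetweenControls` line has the same unescaped interpolation, as do the existing text options, which matters if any of those strings can carry user-supplied content. The enclosing method starts and ends outside the visible lines.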