Index: test/in_place_editing_test.rb
===================================================================
--- test/in_place_editing_test.rb	(revision 3713)
+++ test/in_place_editing_test.rb	(working copy)
@@ -20,8 +20,13 @@
       end
     end
     @controller = @controller.new
+    @protect_against_forgery = false
   end
-  
+
+  def protect_against_forgery?
+    @protect_against_forgery
+  end
+
   def test_in_place_editor_external_control
       assert_dom_equal %(<script type=\"text/javascript\">\n//<![CDATA[\nnew Ajax.InPlaceEditor('some_input', 'http://www.example.com/inplace_edit', {externalControl:'blah'})\n//]]>\n</script>),
         in_place_editor('some_input', {:url => {:action => 'inplace_edit'}, :external_control => 'blah'})
@@ -59,11 +64,27 @@
       :load_text_url => { :action => "action_to_get_value" })
   end
   
-  def test_in_place_editor_eval_scripts
-    assert_match "Ajax.InPlaceEditor('id-goes-here', 'http://www.example.com/action_to_set_value', {evalScripts:true})",
+  def test_in_place_editor_html_response
+    assert_match "Ajax.InPlaceEditor('id-goes-here', 'http://www.example.com/action_to_set_value', {htmlResponse:false})",
     in_place_editor( 'id-goes-here', 
       :url => { :action => "action_to_set_value" }, 
       :script => true )
   end
   
+  def form_authenticity_token
+    "authenticity token"
+  end
+
+  def test_in_place_editor_with_forgery_protection
+    @protect_against_forgery = true
+    assert_match "Ajax.InPlaceEditor('id-goes-here', 'http://www.example.com/action_to_set_value', {callback:function(form) { return Form.serialize(form) + '&authenticity_token=' + encodeURIComponent('authenticity token') }})",
+    in_place_editor( 'id-goes-here', :url => { :action => "action_to_set_value" })
+  end
+  
+  def test_in_place_editor_text_between_controls
+    assert_match "Ajax.InPlaceEditor('id-goes-here', 'http://www.example.com/action_to_set_value', {textBetweenControls:'or'})",
+    in_place_editor( 'id-goes-here', 
+      :url => { :action => "action_to_set_value" }, 
+      :text_between_controls => "or" )
+  end
 end
\ No newline at end of file
Index: lib/in_place_macros_helper.rb
===================================================================
--- lib/in_place_macros_helper.rb	(revision 3713)
+++ lib/in_place_macros_helper.rb	(working copy)
@@ -40,6 +40,12 @@
     function << "'#{url_for(options[:url])}'"
 
     js_options = {}
+
+    if protect_against_forgery?
+      options[:with] ||= "Form.serialize(form)"
+      options[:with] += " + '&authenticity_token=' + encodeURIComponent('#{form_authenticity_token}')"
+    end
+    
     js_options['cancelText'] = %('#{options[:cancel_text]}') if options[:cancel_text]
     js_options['okText'] = %('#{options[:save_text]}') if options[:save_text]
     js_options['loadingText'] = %('#{options[:loading_text]}') if options[:loading_text]
@@ -50,9 +56,10 @@
     js_options['externalControl'] = "'#{options[:external_control]}'" if options[:external_control]
     js_options['loadTextURL'] = "'#{url_for(options[:load_text_url])}'" if options[:load_text_url]        
     js_options['ajaxOptions'] = options[:options] if options[:options]
-    js_options['evalScripts'] = options[:script] if options[:script]
+    js_options['htmlResponse'] = !options[:script] if options[:script]
     js_options['callback']   = "function(form) { return #{options[:with]} }" if options[:with]
     js_options['clickToEditText'] = %('#{options[:click_to_edit_text]}') if options[:click_to_edit_text]
+    js_options['textBetweenControls'] = %('#{options[:text_between_controls]}') if options[:text_between_controls]
     function << (', ' + options_for_javascript(js_options)) unless js_options.empty?
     
     function << ')'