Exact API equivalent of in_place_edit_for, except:
Runs all user data through “ERB::Util::html_escape” when sending it to the view, to avoid the vulnerabilities associated with otherwise-unescaped user-supplied data; the current InPlaceEditing plugin does this too, albeit using “CGI::escapeHTML” for some reason.
Supports optimistic locking if a lock_version CGI parameter is supplied, by explicitly checking the version being updated.
Explicitly catches errors and returns them as 500 status codes with a plain text message regardless of Rails environment.
See safe_in_place_editor and safe_in_place_editor_field inside file “safe_in_place_editing_helper.rb” for the counterpart helper functions.
The Prototype library getText function must be patched as described in the README rationale; see public/javascripts/safe_in_place_editing.js.
# File lib/safe_in_place_editing/safe_in_place_editing.rb, line 37
def safe_in_place_edit_for( object, attribute, options = {} )
  define_method( "set_#{object}_#{attribute}" ) do
    safe_in_place_edit_backend( object, attribute, options )
  end
end
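
The three differences listed above, as a stand-alone sketch that runs without Rails. This is an added example, not the plugin's own safe_in_place_edit_backend: the Item struct, the sketch_in_place_update method and the error messages are hypothetical, and it assumes the record exposes a lock_version counter.

```ruby
require 'erb'

# Constructed stand-in for a model that uses optimistic locking.
Item = Struct.new(:title, :lock_version) do
  def update_title!(value)
    raise ArgumentError, "title can't be blank" if value.to_s.strip.empty?
    self.title = value
    self.lock_version += 1
  end
end

# Hypothetical backend: returns [status, body] as the generated
# set_<object>_<attribute> action would render it.
def sketch_in_place_update(record, params)
  # Optimistic locking: only enforced when the client sent lock_version.
  if params.key?('lock_version') &&
     params['lock_version'].to_i != record.lock_version
    raise 'Somebody else already edited this item (stale lock_version)'
  end

  record.update_title!(params['value'])

  # Escape on the way out: the stored value stays raw, but the body
  # is inserted into the page by the in-place editor script.
  [200, ERB::Util.html_escape(record.title)]
rescue StandardError => e
  # Plain-text 500 regardless of environment, so the client-side
  # failure handler always receives a short readable message.
  [500, e.message]
end

# Constructed sample requests: the second one reuses a stale version.
item = Item.new('Old title', 3)
p sketch_in_place_update(item, { 'value' => '<b>New</b>', 'lock_version' => '3' })
p sketch_in_place_update(item, { 'value' => 'late edit', 'lock_version' => '3' })
```
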