module SafeInPlaceEditing::ClassMethods

Public Instance Methods

safe_in_place_edit_for( object, attribute, options = {} )

Exact API equivalent of in_place_edit_for, except:

  • Runs all user data through “ERB::Util::html_escape” when sending it to the view, to avoid the vulnerabilities associated with otherwise-unescaped user-supplied data; the current InPlaceEditing plugin does this too, albeit using “CGI::escapeHTML” for some reason.

  • Supports optimistic locking if a lock_version CGI parameter is supplied, by explicitly checking the version being updated.

  • Explicitly catches errors and returns them as 500 status codes with a plain text message regardless of Rails environment.

See safe_in_place_editor and safe_in_place_editor_field inside file “safe_in_place_editing_helper.rb” for the counterpart helper functions.

The Prototype library getText function must be patched as described in the README rationale; see public/javascripts/safe_in_place_editing.js.

# File lib/safe_in_place_editing/safe_in_place_editing.rb, line 37
def safe_in_place_edit_for( object, attribute, options = {} )
  define_method( "set_#{object}_#{attribute}" ) do
    safe_in_place_edit_backend( object, attribute, options )
  end
end
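
The three differences listed above, sketched in plain Ruby as an added example; this is not the plugin's safe_in_place_edit_backend, whose source this page does not show. The Record struct, sketch_in_place_update and the sample parameters are constructed for illustration, and the return value stands in for what a controller action would render.

```ruby
require 'erb'

# Constructed stand-in for a model with optimistic locking (hypothetical).
Record = Struct.new(:title, :lock_version) do
  def update_title!(value)
    raise ArgumentError, "Title can't be blank" if value.to_s.strip.empty?
    self.title = value
    self.lock_version += 1
  end
end

# Hypothetical sketch: returns [status, plain-text body].
def sketch_in_place_update(record, params)
  # Optimistic locking: checked only when the client supplied lock_version.
  if params.key?('lock_version') &&
     params['lock_version'].to_i != record.lock_version
    raise 'Somebody else already edited this item; reload and try again'
  end

  record.update_title!(params['value'])

  # Escape on the way out: the in-place editor inserts this body into the page.
  [200, ERB::Util.html_escape(record.title)]
rescue StandardError => e
  # Same plain-text 500 response regardless of environment.
  [500, e.message]
end

if __FILE__ == $0
  demo = Record.new('Old title', 3)   # constructed sample data
  # Current version supplied: update succeeds and the value comes back escaped.
  p sketch_in_place_update(demo, 'value' => '<b>New</b>', 'lock_version' => '3')
  # Stale version supplied: rejected with a 500 and the record is untouched.
  p sketch_in_place_update(demo, 'value' => 'Late edit', 'lock_version' => '3')
end
```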