Module: SafeInPlaceEditing::ClassMethods
In: vendor/plugins/safe_in_place_editing/lib/safe_in_place_editing.rb

Exact API equivalent of in_place_edit_for, except:

(1) Prevents XSS vulnerabilities by escaping the user-supplied value which it renders back to the AJAX code. Values are always escaped since it's highly unlikely that you'd want to have the user input HTML and send that straight back to the view, so chances are you need custom code anyway (e.g. to parse user input via the Textile or Markaby engines and render the parsing results instead).

(2) Supports optimistic locking if a lock_version CGI parameter is supplied, by explicitly checking the version being updated.

(3) Explicitly catches errors and returns them as 500 status codes with a plain text message regardless of Rails environment.

See safe_in_place_editor and safe_in_place_editor_field inside file "safe_in_place_editing_helper.rb" for the counterpart helper functions.
The Prototype library getText function must be patched as described in the README rationale; see public/javascripts/safe_in_place_editing.js.
    # File vendor/plugins/safe_in_place_editing/lib/safe_in_place_editing.rb, line 39
    def safe_in_place_edit_for( object, attribute, options = {} )
      define_method( "set_#{object}_#{attribute}" ) do
        safe_in_place_edit_backend( object, attribute, options )
      end
    end
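
The three behaviours listed above, sketched as an added Ruby example that is not the plugin's own code and does not reproduce safe_in_place_edit_backend. `Record`, `StaleVersion` and `sketch_in_place_update` are hypothetical stand-ins, and the handler returns a status, content type and body instead of rendering through Rails.

```ruby
require 'erb'

# Hypothetical stand-in for a model row that has a lock_version column.
Record = Struct.new(:title, :lock_version)

# Hypothetical error raised when the client edited an outdated version.
class StaleVersion < StandardError; end

# Sketch of an in-place update handler with the three documented properties.
# params mimics CGI parameters: string keys, string values.
# Returns [status, content_type, body].
def sketch_in_place_update(record, attribute, params)
  # (2) Optimistic locking: only checked when lock_version is supplied.
  if params.key?('lock_version') &&
     params['lock_version'].to_i != record.lock_version
    raise StaleVersion, 'Somebody else already edited this value'
  end

  # Store the raw value; escaping belongs to output, not storage.
  record[attribute] = params.fetch('value') # KeyError if missing
  record.lock_version += 1

  # (1) Escape the value that is rendered back to the AJAX caller.
  [200, 'text/html', ERB::Util.html_escape(record[attribute].to_s)]
rescue StandardError => e
  # (3) Every failure becomes a 500 with a plain text message,
  # independent of any environment setting.
  [500, 'text/plain', e.message]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input, not taken from the plugin.
  row = Record.new('Original title', 7)
  p sketch_in_place_update(row, :title,
                           'value' => '<b onmouseover=x()>hi</b>',
                           'lock_version' => '7')
  # A second edit still carrying version 7 is now stale.
  p sketch_in_place_update(row, :title,
                           'value' => 'late edit', 'lock_version' => '7')
end
```
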