avoid leaking object ids in form_fors

2014-02-12 13:14:25 -06:00 · 2014-02-12 13:14:25 -06:00 · a16e99c686
commit a16e99c686
parent 354143e9c5
3 changed files with 7 additions and 5 deletions
--- a/app/views/comments/_commentbox.html.erb
+++ b/app/views/comments/_commentbox.html.erb
@ -1,5 +1,6 @@
 <div class="comment comment_form_container">
-<%= form_for comment do |f| %>
+<%= form_for comment,
+:html => { :id => "edit_comment_#{comment.short_id}" } do |f| %>
  <% if comment.errors.any? %>
    <%= errors_for comment %>
  <% end %>
@ -38,7 +39,6 @@
          :type => "button" %>
      <% end %>

-
      <div style="clear: both;"></div>

      <%= render :partial => "global/markdownhelp" %>
--- a/app/views/settings/index.html.erb
+++ b/app/views/settings/index.html.erb
@ -6,7 +6,8 @@
    Account Settings
  </div>

-  <%= form_for @edit_user, :url => settings_url, :method => :post do |f| %>
+  <%= form_for @edit_user, :url => settings_url, :method => :post,
+  :html => { :id => "edit_user" } do |f| %>
    <%= error_messages_for f.object %>

    <div class="boxline">
@ -170,7 +171,8 @@
  <br>
  <br>

-  <%= form_for @edit_user, :url => delete_account_url, :method => :post do |f| %>
+  <%= form_for @edit_user, :url => delete_account_url, :method => :post,
+  :html => { :id => "delete_user" } do |f| %>
    <div class="legend">
      Delete Account
    </div>
--- a/app/views/stories/edit.html.erb
+++ b/app/views/stories/edit.html.erb
@ -4,7 +4,7 @@
  </div>

  <%= form_for @story, :url => story_url(@story.short_id),
-  :method => :put do |f| %>
+  :method => :put, :html => { :id => "edit_story" } do |f| %>
    <%= render :partial => "stories/form", :locals => { :story => @story,
      :f => f } %>