instiki/app/views/wiki/rollback.rhtml
Jacques Distler a5e08f7bcc Rails_xss Plugin
I installed the rails_xss plugin, for
the main purpose of seeing what will
break with Rails 3.0 (where the behaviour
of the plugin is the default). I think
I've fixed everything, but let me know if you
see stuff that is HTML-escaped, which
shouldn't be.

As a side benefit, we now use Erubis,
rather than ERB, to render templates.
They tell me it's faster ...
2010-05-26 00:27:49 -05:00

38 lines
1.3 KiB
Plaintext

<%-
  @title = "Rollback to #{@page.plain_name} Rev ##{@revision_number}".html_safe
  @content_width = 720
  @hide_navigation = true
-%>
<div id="MarkupHelp">
  <%= render(:file => "#{@web.markup}_help") -%>
  <%= render(:file => 'wiki_words_help') unless @web.brackets_only? -%>
</div>
<% form_tag({:web => @web.address, :action => 'save', :id => @page.name},
            { :id => 'editForm', :method => 'post', :onsubmit => 'cleanAuthorName();',
              'accept-charset' => 'utf-8' }) do %>
  <div>
    <textarea name="content" id="content" rows="24" cols="60"><%= h(@revision.content.purify) %></textarea>
    <div id="editFormButtons">
      <input type="submit" value="Update" accesskey="u" /> as
      <input type="text" name="author" id="authorName" value="<%= h(@author.purify) %>"
             onclick="this.value == 'AnonymousCoward' ? this.value = '' : true" />
      |
      <span>
        <%= link_to('Cancel', {:web => @web.address, :action => 'cancel_edit', :id => @page.name},
                    {:accesskey => 'c'}) %>
        <span class="unlock">(unlocks page)</span>
      </span>
    </div>
  </div>
<%- end -%>
<script type="text/javascript">
  function cleanAuthorName() {
    if (document.getElementById('authorName').value == "") {
      document.getElementById('authorName').value = 'AnonymousCoward';
    }
  }
</script>
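
The escape-by-default behaviour the commit message refers to, and what `.html_safe` on an interpolated string (as in the `@title` line above) means for the values interpolated into it, shown as an added example that is not part of Instiki or of the rails_xss plugin. `SafeString`, `erb_output` and the `title_*` helpers are hypothetical names in a simplified model built on the standard library only, and the page name is a constructed sample; whether arbitrary markup can reach `@page.plain_name` depends on Instiki's page-name rules, which this page does not show.

```ruby
require 'erb'

# Simplified model (an assumption, not the plugin's code): a String subclass
# that records "this text may be emitted as HTML without escaping".
class SafeString < String
  def html_safe?; true; end
end

class String
  def html_safe?; false; end            # plain strings are untrusted by default
  def html_safe; SafeString.new(self); end
end

# What <%= value %> does under this model: escape unless marked safe.
def erb_output(value)
  value.html_safe? ? String.new(value) : ERB::Util.html_escape(value)
end

# h() in an escape-by-default world: escape once, then mark the result safe
# so the output step does not escape it a second time.
def h(value)
  value.html_safe? ? value : ERB::Util.html_escape(value).html_safe
end

# Pattern from the template: interpolate first, then mark the whole string safe.
# The interpolated values are trusted along with the literal text.
def title_marked_whole(page_name, rev)
  "Rollback to #{page_name} Rev ##{rev}".html_safe
end

# Alternative 1: escape the dynamic parts, then mark the result safe.
def title_escaped_parts(page_name, rev)
  "Rollback to #{ERB::Util.html_escape(page_name)} Rev ##{Integer(rev)}".html_safe
end

# Alternative 2: leave the string unmarked and let the output step escape it.
def title_unmarked(page_name, rev)
  "Rollback to #{page_name} Rev ##{rev}"
end

SAMPLE_NAME = 'Home <b>Page</b> & Co'   # constructed sample, benign markup

if __FILE__ == $0
  puts erb_output(title_marked_whole(SAMPLE_NAME, 3))   # markup passes through
  puts erb_output(title_escaped_parts(SAMPLE_NAME, 3))  # markup is escaped
  puts erb_output(title_unmarked(SAMPLE_NAME, 3))       # markup is escaped
  puts erb_output(h('a < b'))                           # escaped once
  puts erb_output(ERB::Util.html_escape('a < b'))       # unmarked: escaped twice
end
```

The last line is the "HTML-escaped, which shouldn't be" symptom from the commit message: already-escaped text that is not marked safe gets escaped again at output.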