instiki/app/views/wiki/new.rhtml
Jacques Distler 18b5ea9aa6 Use Instiki's escapeHTML Method in Templates
Fixes bug reported by Toby Bartels.
2010-03-29 09:27:14 -05:00

39 lines
1.5 KiB
Plaintext

<%-
@title = "Creating #{CGI.escapeHTML(WikiWords.separate(@page_name))}"
@content_width = 720
@hide_navigation = true
-%>
<div id="MarkupHelp">
<%= render(:file => "#{@web.markup}_help") -%>
<%= render(:file => 'wiki_words_help') unless @web.brackets_only? -%>
</div>
<div id="editForm">
<% form_tag({ :action => 'save', :web => @web.address, :id => @page_name },
{ 'id' => 'editForm', 'method' => 'post', 'onsubmit' => 'cleanAuthorName();', 'accept-charset' => 'utf-8' }) do %>
<textarea name="content" id="content" rows="24" cols="60"><%= h(flash[:content] ||
params['content'] ? params['content'].purify : '' ) %></textarea>
<div id="editFormButtons">
<input type="submit" value="Submit" accesskey="s"/> as
<%= text_field_tag :author, @author,
:onfocus => "this.value == 'AnonymousCoward' ? this.value = '' : true;",
:onblur => "this.value == '' ? this.value = 'AnonymousCoward' : true" %>
</div>
<%- end -%>
</div>
<script type="text/javascript">
function cleanAuthorName() {
if (document.getElementById('authorName').value == "") {
document.getElementById('authorName').value = 'AnonymousCoward';
}
}
document.forms["editForm"].elements["content"].focus();
<%- if [:markdownMML, :markdownPNG, :markdown].include?(@web.markup) -%>
setupSVGedit('<%= compute_public_path("editor/svg-editor.html", "svg-edit").split(/\?/)[0] %>');
addS5button('<%= @page_name.escapeHTML %>');
<%- end -%>
</script>