a5e08f7bcc
I installed the rails_xss plugin, for the main purpose of seeing what will break with Rails 3.0 (where the behaviour of the plugin is the default). I think I've fixed everything, but let me know if you see stuff that is HTML-escaped, which shouldn't be. As a side benefit, we now use Erubis, rather than ERB, to render templates. They tell me it's faster ...
38 lines
1.3 KiB
Plaintext
<%-
   @title = "Rollback to #{@page.plain_name} Rev ##{@revision_number}".html_safe
   @content_width = 720
   @hide_navigation = true
-%>

<div id="MarkupHelp">
  <%= render(:file => "#{@web.markup}_help") -%>
  <%= render(:file => 'wiki_words_help') unless @web.brackets_only? -%>
</div>

<% form_tag({:web => @web.address, :action => 'save', :id => @page.name},
        { :id => 'editForm', :method => 'post', :onsubmit => 'cleanAuthorName();',
          'accept-charset' => 'utf-8' }) do %>
  <div>
    <textarea name="content" id="content" rows="24" cols="60"><%= h(@revision.content.purify) %></textarea>
    <div id="editFormButtons">
      <input type="submit" value="Update" accesskey="u" /> as
      <input type="text" name="author" id="authorName" value="<%= h(@author.purify) %>"
            onclick="this.value == 'AnonymousCoward' ? this.value = '' : true" />

      <span>
        <%= link_to('Cancel', {:web => @web.address, :action => 'cancel_edit', :id => @page.name},
                    {:accesskey => 'c'}) %>
        <span class="unlock">(unlocks page)</span>
      </span>
    </div>
  </div>
<%- end -%>

<script type="text/javascript">
  function cleanAuthorName() {
    if (document.getElementById('authorName').value == "") {
      document.getElementById('authorName').value = 'AnonymousCoward';
    }
  }
</script>
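To make concrete what the rails_xss behaviour described in the commit message changes for a template like this one, here is a small Ruby model of the escaping contract, added for this page (it is an illustration, not ActiveSupport's SafeBuffer or any Instiki code; the names `SafeBuffer`, `emit`, `title_via_buffer` and `title_via_interpolation` are mine). It shows that `<%= %>` output is escaped unless the value is marked html_safe, that `h` escapes once and marks the result safe so repeated calls do not double-escape, and that interpolating into a string before calling `.html_safe` (as the `@title` line above does) vouches for the interpolated values as well.

```ruby
require 'cgi'

# Escape the characters that are significant in HTML text and attribute values.
def html_escape(s)
  CGI.escapeHTML(s.to_s)
end

class String
  # A plain String is untrusted markup by default ...
  def html_safe?; false; end
  # ... until the caller vouches for it, which yields a SafeBuffer copy.
  def html_safe; SafeBuffer.new(self); end
end

# A string already declared safe. Appending an unsafe String escapes it;
# appending another SafeBuffer passes it through unchanged.
class SafeBuffer < String
  def html_safe?; true; end
  def html_safe; self; end
  def <<(other)
    super(other.html_safe? ? other : html_escape(other))
  end
  alias_method :concat, :<<
end

# The `h` helper under rails_xss: escape once, then mark safe, so h(h(x)) == h(x).
def h(value)
  value.html_safe? ? value : html_escape(value).html_safe
end

# What `<%= value %>` emits under auto-escaping: the value appended to a SafeBuffer.
def emit(value)
  SafeBuffer.new("") << value
end

# Title built through the buffer: the literal text is trusted, the page name is
# escaped because it arrives as a plain String.
def title_via_buffer(page_name, revision_number)
  SafeBuffer.new("") << "Rollback to ".html_safe << page_name <<
    " Rev #".html_safe << revision_number.to_s
end

# Title built by interpolating first and calling html_safe on the result:
# html_safe vouches for the whole string, so the page name is never escaped.
def title_via_interpolation(page_name, revision_number)
  "Rollback to #{page_name} Rev ##{revision_number}".html_safe
end
```

Which construction is right depends on whether `@page.plain_name` is already sanitised upstream; the model only makes the difference between the two visible.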