This project is archived and is in readonly mode.
Form authenticity token in form tag should be set to display:inline
Reported by Elliot Winkler | June 28th, 2009 @ 08:29 AM | in 2.x
When a form is rendered using form_tag or
form_for, the form authenticity token is of course
placed right after the <form> tag automatically.
While this is a hidden field so it won't show up, it is wrapped in
a div tag that does not have display: inline set on
it. This means that if you want your form to be inline, you have to
set something like
form div { display: inline }
or else the form will have a line break where the form
authenticity token hidden field is. However, because
there's no way to target this exactly, if you happen to have
any other divs in your form for whatever reason, you'll have to
give those classes or something so you can override the
display: inline in your CSS.
I don't actually know why the hidden field is wrapped in a div,
maybe there's some reason, but I've made a patch that sets this div
to display: inline.
Comments and changes to this ticket
-
Repository July 2nd, 2009 @ 01:14 AM
- State changed from “new” to “resolved”
(from [0d3c5f0a822cd1b6029b5f619774b7794a94f370]) Patch FormTagHelper so that when a form tag is created, the div which holds the form authenticity token is set to display:inline [#2846 state:resolved]
Signed-off-by: Yehuda Katz + Carl Lerche ykatz+clerche@engineyard.com
http://github.com/rails/rails/commit/0d3c5f0a822cd1b6029b5f619774b7... -
Repository July 2nd, 2009 @ 01:14 AM
(from [8bb510f6c1e235f5fb1cf9e79af759a429a497b0]) Patch FormTagHelper so that when a form tag is created, the div which holds the form authenticity token is set to display:inline [#2846 state:resolved]
Signed-off-by: Yehuda Katz + Carl Lerche ykatz+clerche@engineyard.com
http://github.com/rails/rails/commit/8bb510f6c1e235f5fb1cf9e79af759... -
Jeff Talbot August 25th, 2009 @ 01:20 PM
This is marked resolved, but we recently had an issue with the patch: the inline style of "display:inline" in the HTML cannot be overridden by a stylesheet and is creating issues for us in Safari. It seems incorrect for Rails to be injecting a block level element inside a form just to hold a hidden input, but if for some reason this is absolutely necessary, it seems it would be preferable to set the style to "display:none".
Anyone agree that a better solution should be implemented? If so, I wouldn't mind creating a new patch.
-
Elliot Winkler August 26th, 2009 @ 02:40 AM
Now that I think about it some more, that makes more sense. At first I was concerned that hiding the hidden fields using CSS would cause the token to not be submitted along with the form, but I just tested setting the div to "display: none" like you just said, and I didn't get an InvalidAuthenticityToken error or anything like that, so obviously it still works. So that sounds good to me.
-
Elliot Winkler August 26th, 2009 @ 02:42 AM
As to being able to override it using a stylesheet, I can't see a use case for it, but looks like you have one?
-
Jeff Talbot August 26th, 2009 @ 09:34 PM
Cool. Regarding the CSS overriding--was just mentioning that it wouldn't work for setting it to display:none since it had the inline style set on the tag (which takes precedence over anything else).
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile »
<h2 style="font-size: 14px">Tickets have moved to Github</h2>
The new ticket tracker is available at <a href="https://github.com/rails/rails/issues">https://github.com/rails/rails/issues</a>
People watching this ticket
Jeff Talbot
José Valim
Attachments
Referenced by
-
2846
Form authenticity token in form tag should be set to display:inline
(from [0d3c5f0a822cd1b6029b5f619774b7794a94f370])
Patch F...
-
2846
Form authenticity token in form tag should be set to display:inline
(from [8bb510f6c1e235f5fb1cf9e79af759a429a497b0])
Patch F...