I have a user input form like
= simple_form_for(#user) do |f|
= f.input :about_me, :input_html => {"data-fileupload" => "false", :class => "span12 rich_regular"}, :label => _("about_me")
and the the field about_me is been sanitized at the model level like
sanitize_text :basic => [:about_me], :except => [:time_zone]
but, when i copy any js script like
<script>alert(hello)</script>
above alert it is beeing executed i.e, alert is being displayed. how should I prevent it from the front end
Related
I'm attempting to upload multiple files using a form inside a Rails 2.3.18 application. I've added :multipart => true to my form and :multiple => true to my file_field tag. The names portion of the file_field tag is images[].
I am able to add multiple images in the browser and successfully submit the form. However, the images portion of the params shows [nil, nil] in the controller for however many images I submitted. I've included the form below (it is written in HAML).
- form_for :message, :url => post_url, :html => { :multipart => true, :class => "order-details-form"} do |form|
= form.text_area :content, :placeholder => t(:type_message_here, :scope => :std)
= form.file_field 'images[]', :multiple => true
= form.submit t(:send, :scope => :bpt), :class => "io-button"
How can I get a hidden radio button using simple-form?
I know that simple-form has a :as => :hidden to hide a form field, and a :as => :radio_buttons to display a radio button option... but I can't have two as options on a field... :)
How can I go about this?
What I've tried:
= form.input :type,
:as => :radio_buttons,
:hidden => true,
:checked => ...
= form.input :type,
:as => [:radio_buttons, :hidden]
:checked => ...
= form.input :type,
:as => :radio_buttons,
:as => :hidden,
:checked => ...
"hidden" is a different form of input altogether - it's the same as hidden_field. If you just want to hide a radio from the user (maybe you want to show it again later) you can use "display: none" in the html for the wrapper.
= form.input :type
as: radio_buttons
wrapper_html: { style: "display: none" }
If the input should never be displayed to the user then I'd just leave it out of the page altogether. You're never going to be able to selected it after all.
So I'm using nested_form (v0.3.2 according to Gemfile.lock) with Rails 3.2.11. I have a Service model with a category field that initially can take on multiple values that can be input via a select dropdown.
The categories are something like: ["J Award", "Z Award", "Other" ]
When I go to save the form fields with a value of J Award (or Z Award) and rerender an editable form, the form redisplays with a value of "Other" for category. Yet if I step into the rails console and look at the category field of the saved service model, it shows "J Award".
What could be causing this? Since nested_form is no longer maintained, should I just give up and handle multiple models in a single form differently?
haml output of rerendered form
= semantic_nested_form_for #service, :url => "/update", :html => { :class => "service", :autocomplete => "off" } do |f|
%h1.page-title Service
.page-wrapper
= render :partial => "shared/error_messages", :locals => { :object => #service }
html output of rerendered form:
<li class="string input required stringish" id="service_category_input"><label class=" label" for="service_category">Category<abbr title="required">*</abbr></label><input id="service_category" maxlength="255" name="service[category]" type="text" value="J Award" />
</li>
= f.inputs do
%h3 Project Information
= f.input :billable, :as => :radio, :collection => { 'Billable' => true, 'Non-billable' => false }, :label => 'Category', :input_html => { :disabled => true }
= f.input :category
= f.input :assigned_consultant, :input_html => { :readonly => true }
= f.input :aims, :input_html => { :readonly => true }
In your html.erb file, I'd change the f.input to f.select:
<%= f.select :category, ["J Award", "Z Award", "Other"], {selected: f.object.category} %>
The selected attribute is self-explanatory. I've never worked with .haml files before, so I guess you would have to convert it somehow.
I am using Rails 4 and Ruby 2 with Carrier Wave along with jQuery Mobile 1.3, and a user has a profile which has a logo. I have tested the backend Carrier Wave stuff in the console and it works.
The problem is in the form helper, it doesn't matter what I do, but a file_field will display and let me choose an image, but it does not come through in the params. If I change it to a field that does not exist eg. =f.file_field :field_not_permitted_in_strong_params it does not fall over and a file picker is visible, if I change that to =f.text_field :field_not_permitted_in_strong_params, only then does rails kick in and complain about the field not existing.
So my problem is basically, I can upload a file client side, but it does not get sent through in the form data, or appear in the params hash, and all my other fields work correctly.
Here is a snippet of the form:
= form_for(#business_profile, :html => {:multipart => true}, :url => business_profile_path, :validate => true) do |f|
=image_tag(#business_profile.logo.url, class: 'business-logo')
%div{:data => {:role => 'fieldcontain'}}
=f.file_field :logo
- # Basic Information
%div{:data => {:role => 'collapsible', :collapsed => 'false'}}
%h3
Basic Information
%div{:data => {:role => 'fieldcontain'}}
= f.label :name, 'Business name:'
= f.text_field :name
%div{:data => {:role => 'fieldcontain'}}
= f.label :address, 'Address:'
= f.text_area :address, class: 'address'
OK after spending hours on the matter, the problem is that jQuery Mobile submits forms with Ajax by default, and files cannnot be submitted with Ajax without using plugins etc.
So the solution is to disable the Ajax like this:
= form_for(#business_profile, :url => business_profile_path, :validate => true, :html => { :'data-ajax' => false }) do |f|
I have a form field where a user enters contact information, including name, email, etc. If they already have contacts saved I want to have a dropdown with their saved contacts. When a contact from the dropdown is selected, the contact fields should be populated with that data to allow for easy editing.
For some reason this approach isn't working:
In my new.html.erb view:
<%= f.collection_select :id, #contacts, :id, :name, :onchange =>
remote_function(:url =>{:action => 'populate_contact_form'}, :with => 'id') %>
In my controller:
def populate_contact_form
raise "I am working up to this point"
#contact = current_account.contacts.find(params[:id])
end
In populate_contact_form.rjs:
page['contact_name'].value = #contact.name
page['contact_email'].value = #contact.email
It seems my controller method is never called... can anyone explain how to do this?
It's not getting called because you're using remote_function incorrectly. Rails assumes the current action/controller/id/etc if any of those options are missing from the :url option to remote_function. You're passing :action as a top level option to remote_function, and it gets ignored. With a :url option Rails assumes the same action and controller that rendered this view.
This should fix your problem:
<%= f.collection_select :id, #contacts, :id, :name, :onchange =>
remote_function(:url =>{:action => 'populate_contact_form'}, :with => 'id') %>