lib/perus/server/form.rb in perus-0.1.2 vs lib/perus/server/form.rb in perus-0.1.3
- old
+ new
@@ -1,7 +1,9 @@
module Perus::Server
class Form
+ include Helpers
+
def initialize(record)
@record = record
end
def field(field, type = nil, options = nil)
@@ -31,11 +33,12 @@
# return the field plus any errors
html << "</span></p>" << errors_for(field)
end
def input(field, options)
- "<input type=\"text\" name=\"record[#{field}]\" value=\"#{@record.send(field)}\">"
+ value = escape_quotes(@record.send(field))
+ "<input type=\"text\" name=\"record[#{field}]\" value=\"#{value}\">"
end
def textarea(field, options)
"<textarea name=\"record[#{field}]\">#{@record.send(field)}</textarea>"
end
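Review bot: `textarea` in this hunk still interpolates `@record.send(field)` into the element body with no escaping, so the quote escaping added to `input` leaves the same stored value rendered as markup one method below. `escape_quotes` is defined outside this diff; judging by its name it covers only quote characters, which is not enough for element content, where `<`, `>` and `&` also have to be encoded. I would route every sink through full HTML escaping, e.g. `"<textarea name=\"record[#{field}]\">#{CGI.escapeHTML(@record.send(field).to_s)}</textarea>"` (with `require 'cgi'` if the file does not already load it). The same applies to the option label `#{name || value}` in the `select` hunk below, which this commit leaves unescaped while escaping the `value` attribute beside it.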
@@ -54,10 +57,10 @@
def select(field, options)
existing = @record.send(field)
option_rows = options.collect do |(value, name)|
selected = existing == value ? 'selected' : ''
- "<option value=\"#{value}\" #{selected}>#{name || value}</option>"
+ "<option value=\"#{escape_quotes(value)}\" #{selected}>#{name || value}</option>"
end
"<select name=\"record[#{field}]\">#{option_rows.join("\n")}</select>"
end