Skip to content

Django (formerly Ruby on Rails) unobtrusive scripting adapter for jQuery

License

Notifications You must be signed in to change notification settings

aliang/jquery-ujs-django

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

jquery-ujs for Django

Works like the one for Rails. Django's CsrfMiddleware differs from Rails's CSRF protection in the following ways:

  • The CSRF token is included in the HTML on a per form basis, instead of as a meta tag in the head element of your HTML
  • The CSRF token is sent as a POST parameter instead of as an HTTP header

I modified the rails.js file to reflect these changes. It's still called rails.js in the repo, though.

The additional POST parameter is named 'csrfmiddlewaretoken'. To get the token, it uses the selector "#csrf_token input" and reads the resulting element's value attribute. The easiest way to set this up is to put something like

<form id="csrf_token" style="display:none">{% csrf_token %}</form>

in your template. I haven't updated the tests to reflect the new token placement.

You can download the file here. After you have the hidden token element included in your HTML, load the JavaScript file in your page after jQuery has loaded.

Old README is below.

Unobtrusive scripting adapter for jQuery

This unobtrusive scripting support file is developed for the Ruby on Rails framework, but is not strictly tied to any specific backend. You can drop this into any application to:

  • force confirmation dialogs for various actions;
  • make non-GET requests from hyperlinks;
  • make forms or hyperlinks submit data asynchronously with Ajax;
  • have submit buttons become automatically disabled on form submit to prevent double-clicking.

These features are achieved by adding certain "data" attributes to your HTML markup. In Rails, they are added by the framework's template helpers.

Full documentation is on the wiki, including the list of published Ajax events.

Requirements

  • jQuery 1.4.3 or later;
  • for Ruby on Rails only: <%= csrf_meta_tag %> in the HEAD of your HTML layout;
  • HTML5 doctype (optional).

If you don't use HTML5, adding "data" attributes to your HTML4 or XHTML pages might make them fail W3C markup validation. However, this shouldn't create any issues for web browsers or other user agents.

In Ruby on Rails 3, the csrf_meta_tag helper generates two meta tags containing values necessary for cross-site request forgery protection built into Rails. If you're using Rails 2, here is how to implement that helper:

# app/helpers/application_helper.rb
def csrf_meta_tag
  if protect_against_forgery?
    out = %(<meta name="csrf-param" content="%s"/>\n)
    out << %(<meta name="csrf-token" content="%s"/>)
    out % [ Rack::Utils.escape_html(request_forgery_protection_token),
            Rack::Utils.escape_html(form_authenticity_token) ]
  end
end

Installation

For automated installation, use the "jquery-rails" generator:

# Gemfile
gem 'jquery-rails', '>= 0.2.6'

And run this command (add --ui if you want jQuery UI):

$ bundle install
$ rails generate jquery:install

This will remove the Prototype.js library from Rails, add latest jQuery library and fetch the adapter. Be sure to choose to overwrite the "rails.js" file.

Manual installation

Download jQuery and "rails.js" and place them in your "javascripts" directory.

Configure the following in your application startup file:

config.action_view.javascript_expansions[:defaults] = %w(jquery rails)

Now the template helper javascript_include_tag :defaults will generate SCRIPT tags to load jQuery and rails.js.

About

Django (formerly Ruby on Rails) unobtrusive scripting adapter for jQuery

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • JavaScript 92.4%
  • Ruby 7.6%