Permalink
Browse files

Added CSRF example, showing how you can transparently add inputs to a…

… form
  • Loading branch information...
1 parent 5428d8c commit fcfb3664ed98e3f3372aa74925aa302751499b9d @tj tj committed Jan 13, 2011
Showing with 47 additions and 0 deletions.
  1. +5 −0 examples/csrf.jade
  2. +42 −0 examples/csrf.js
View
@@ -0,0 +1,5 @@
+
+form(method='post', action='/')
+ input(type='text', name='user[name]')
+ input(type='text', name='user[email]')
+ input(type='submit', value='Submit')
View
@@ -0,0 +1,42 @@
+
+
+/**
+ * Module dependencies.
+ */
+
+var jade = require('./../lib/jade'),
+ Compiler = jade.Compiler,
+ nodes = jade.nodes;
+
+var options = {
+ compiler: CSRF
+ , locals: {
+ csrf: 'WAHOOOOOO'
+ }
+};
+
+jade.renderFile(__dirname + '/csrf.jade', options, function(err, html){
+ if (err) throw err;
+ console.log(html);
+});
+
+function CSRF(node, options) {
+ Compiler.call(this, node, options);
+}
+
+CSRF.prototype.__proto__ = Compiler.prototype;
+
+CSRF.prototype.visitTag = function(node){
+ var parent = Compiler.prototype.visitTag;
+ switch (node.name) {
+ case 'form':
+ if ("'post'" == node.getAttribute('method')) {
+ var tok = new nodes.Tag('input');
+ tok.setAttribute('type', '"_hidden"');
+ tok.setAttribute('name', '"csrf"');
+ tok.setAttribute('value', 'csrf');
+ node.block.unshift(tok);
+ }
+ }
+ parent.call(this, node);
+};

0 comments on commit fcfb366

Please sign in to comment.