Merge pull request #14738 from tilsammans/pull/11407

Remove wrapping div with inline styles for hidden form fields. Conflicts: actionview/CHANGELOG.md
rails · Apr 17, 2014 · cbb9174 · cbb9174
2 parents c91a531 + 89ff1f8
commit cbb9174
Show file tree

Hide file tree

Showing 5 changed files with 30 additions and 15 deletions.
diff --git a/actionview/CHANGELOG.md b/actionview/CHANGELOG.md
@@ -1,3 +1,11 @@
+*   Remove wrapping div with inline styles for hidden form fields.
+
+    We are dropping HTML 4.01 and XHTML strict compliance since input tags directly
+    inside a form are valid HTML5, and the absense of inline styles help in validating
+    for Content Security Policy.
+
+    *Joost Baaij*
+
 *   `collection_check_boxes` respects `:index` option for the hidden filed name.
 
     Fixes #14147.

diff --git a/actionview/lib/action_view/helpers/form_tag_helper.rb b/actionview/lib/action_view/helpers/form_tag_helper.rb
@@ -778,9 +778,11 @@ def extra_tags_for_form(html_options)
               method_tag(method) + token_tag(authenticity_token)
           end
 
-          enforce_utf8 = html_options.delete("enforce_utf8") { true }
-          tags = (enforce_utf8 ? utf8_enforcer_tag : ''.html_safe) << method_tag
-          content_tag(:div, tags, :style => 'display:none')
+          if html_options.delete("enforce_utf8") { true }
+            utf8_enforcer_tag + method_tag
+          else
+            method_tag
+          end
         end
 
         def form_tag_html(html_options)

diff --git a/actionview/test/activerecord/form_helper_activerecord_test.rb b/actionview/test/activerecord/form_helper_activerecord_test.rb
@@ -59,12 +59,13 @@ def test_nested_fields_for_with_child_index_option_override_on_a_nested_attribut
   protected
 
   def hidden_fields(method = nil)
-    txt =  %{<div style="display:none">}
-    txt << %{<input name="utf8" type="hidden" value="&#x2713;" />}
+    txt = %{<input name="utf8" type="hidden" value="&#x2713;" />}
+
     if method && !%w(get post).include?(method.to_s)
       txt << %{<input name="_method" type="hidden" value="#{method}" />}
     end
-    txt << %{</div>}
+
+    txt
   end
 
   def form_text(action = "/", id = nil, html_class = nil, remote = nil, multipart = nil, method = nil)
@@ -88,4 +89,4 @@ def whole_form(action = "/", id = nil, html_class = nil, options = nil)
 
     form_text(action, id, html_class, remote, multipart, method) + hidden_fields(method) + contents + "</form>"
   end
-end
+end
diff --git a/actionview/test/template/form_helper_test.rb b/actionview/test/template/form_helper_test.rb
@@ -3020,12 +3020,13 @@ def test_form_for_only_instantiates_builder_once
   protected
 
   def hidden_fields(method = nil)
-    txt =  %{<div style="display:none">}
-    txt << %{<input name="utf8" type="hidden" value="&#x2713;" />}
+    txt = %{<input name="utf8" type="hidden" value="&#x2713;" />}
+
     if method && !%w(get post).include?(method.to_s)
       txt << %{<input name="_method" type="hidden" value="#{method}" />}
     end
-    txt << %{</div>}
+
+    txt
   end
 
   def form_text(action = "/", id = nil, html_class = nil, remote = nil, multipart = nil, method = nil)

diff --git a/actionview/test/template/form_tag_helper_test.rb b/actionview/test/template/form_tag_helper_test.rb
@@ -14,12 +14,15 @@ def hidden_fields(options = {})
     method = options[:method]
     enforce_utf8 = options.fetch(:enforce_utf8, true)
 
-    txt =  %{<div style="display:none">}
-    txt << %{<input name="utf8" type="hidden" value="&#x2713;" />} if enforce_utf8
-    if method && !%w(get post).include?(method.to_s)
-      txt << %{<input name="_method" type="hidden" value="#{method}" />}
+    ''.tap do |txt|
+      if enforce_utf8
+        txt << %{<input name="utf8" type="hidden" value="&#x2713;" />}
+      end
+
+      if method && !%w(get post).include?(method.to_s)
+        txt << %{<input name="_method" type="hidden" value="#{method}" />}
+      end
     end
-    txt << %{</div>}
   end
 
   def form_text(action = "http://www.example.com", options = {})