MarkItUp: Rails plugin that turns any textarea into a markup editor

I recently published a plugin that helps you turn any textarea into a markup editor. It is based on the excellent markItUp! jQuery plugin.

Example

The simplest usage, with the preset defaults:

<html>
<head>
  <%= javascript_include_tag "path/to/jquery" %>
  <%= mark_it_up '#miu_test' %>
</head>
<body>
  <%= form_tag do %>
    <%= text_area_tag "miu_test" %>
  <% end %>
</body>
</html>

You can see a lot more cool examples in action on markitup.cingel.hr.

More info

markitup.cingel.hr
github.com/cingel/mark_it_up


Rails, CSRF and Ajax requests

Rails protects controller actions from CSRF (Cross-Site Request Forgery) attacks with a token based on a random string stored in the session. The token parameter is named authenticity_token by default and will be embedded in all forms and Ajax requests generated by Rails.

You should also add this token to every Ajax request that you code by hand. As suggested in the Rails documentation, you can add this line in the head section:

  <%= javascript_tag "window._token = '#{form_authenticity_token}'" %>

and then add authenticity_token to the parameters option of your Ajax requests:

  new Ajax.Request('/some/url', {
    // URL-encode the token: it is Base64 and may contain '+', '/' or '='
    parameters: "foo=bar&authenticity_token=" + encodeURIComponent(_token)
  });

Remote forgery protection plugin

This can get tedious if you have a lot of Ajax requests, so I wrote a simple plugin that adds the authenticity token to all Ajax requests automatically.

You can install it with

  script/plugin install git://github.com/vlado/remote_forgery_protection.git

Now all you have to do is add this line inside the head section of your layout

  <%= remote_forgery_protection %>

and all non-GET Ajax requests will have the authenticity_token parameter automatically included.
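The behaviour described above, sketched as an added example that is not the plugin's own code: a hypothetical helper, withAuthenticityToken, appends the URL-encoded token to every non-GET request body and leaves GET requests untouched. The token value is constructed, and URLSearchParams stands in for the server's form decoding.

```javascript
// Added example: hypothetical helper names, not the plugin's own code.

// Constructed sample token. Rails tokens are Base64, so '+', '/' and '='
// can appear and must survive form encoding unchanged.
const SAMPLE_TOKEN = "q3+Zk/8hT0a+5pXw1dN2mA==";

// Return the form-encoded body to send for `method`, adding the token to
// every non-GET request. `params` is a plain object or a query string.
function withAuthenticityToken(method, params, token) {
  const body = new URLSearchParams(params);
  if (String(method).toUpperCase() === "GET") {
    return body.toString(); // GET requests are not CSRF-checked: no token
  }
  if (typeof token !== "string" || token === "") {
    // Fail on the client instead of sending a request the server will reject.
    throw new Error("authenticity token missing; refusing to send " + method);
  }
  // set() replaces any authenticity_token value the caller passed in.
  body.set("authenticity_token", token);
  return body.toString(); // serializer percent-encodes '+', '/' and '='
}

// What a form-decoding server recovers from the body (stand-in for the
// framework's parameter parsing).
function parseToken(body) {
  return new URLSearchParams(body).get("authenticity_token");
}

// Plain string concatenation without encoding, for comparison: a raw '+'
// is form-decoded as a space, so the token no longer matches the session.
function naiveBody(params, token) {
  return params + "&authenticity_token=" + token;
}

console.log(withAuthenticityToken("POST", "foo=bar", SAMPLE_TOKEN));
console.log(JSON.stringify(parseToken(naiveBody("foo=bar", SAMPLE_TOKEN))));
```

A token that arrives altered fails verification on the server, so an unencoded token shows up as intermittent rejections that depend on which characters the session's token happens to contain.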
