custom inputs for read only data
116 views
Skip to first unread message
Rene M
Jun 24, 2012, 11:28:35 PM6/24/12
to plataformate...@googlegroups.com
Hello!
I want to create a custom input that will not render as an input html element.
so instead of having something render like this
<div >
<input> VALUE </input>
</div>
i want simple form to render like this
<div>
<span> VALUE </span>
</div>
notice there is no input tag.
The reason for this is that i want to use the form to display the values - that need to be calculated in the backend and thus are protected from mass-assignment using attr_accesible - without rendering them inside an input field that would be POSTed to the backend and trigger a mass-assignment error in Rails
i am looking at the custom inputs reference in the docs and i see
class CurrencyInput < SimpleForm::Inputs::Base def input "$ #{@builder.text_field(attribute_name, input_html_options)}".html_safe end end
i would like to do something like
class NoInput < SimpleForm::Inputs::Base def input "<span>#{@builder.attribute_value}</span>".html_safe end end
and use it like this
f.input :my_mass_assignment_protected_field, :as => :no
Could this be done?
thanks
Rene M
Jun 25, 2012, 12:31:52 AM6/25/12
to plataformate...@googlegroups.com
I was able to do this:
class NoInput < SimpleForm::Inputs::Base def input "<span>#{@builder.object.send(attribute_name)}</span>".html_safe end end
Not sure if it is right but seems to work for me
Carlos Antonio da Silva
Jun 25, 2012, 8:34:15 AM6/25/12
to plataformate...@googlegroups.com
That'd work yeah, but I'd advice you to use content_tag instead, because you're not escaping the value inside the span, which enables xss attacks. Use something like that:
template.content_tag :span, @builder.object.send(attribute_name)
As a side note, if you set an input as :disabled, the values are not going to be sent to the server, so you can still show them as inputs for the user.
At.
Carlos Antonio
Jason Heiss
Jun 25, 2012, 9:46:30 AM6/25/12
to plataformate...@googlegroups.com
I do something like:
<%= f.input :attribute, required: false do %>
<%= @object.attribute %>
<% end %>
That gets you all the divs necessary for proper styling (I'm also using twitter bootstrap) without the actual form element. I also don't know if that is the "right" way to do it, but it works.
<%= f.input :attribute, required: false do %>
<%= @object.attribute %>
<% end %>
That gets you all the divs necessary for proper styling (I'm also using twitter bootstrap) without the actual form element. I also don't know if that is the "right" way to do it, but it works.
Rene Mendoza
Jun 25, 2012, 10:25:51 AM6/25/12
to plataformate...@googlegroups.com
Hey Jason that is also cool, I will try it
thanks
Rene
thanks
Rene
Rene Mendoza
Jun 25, 2012, 10:28:17 AM6/25/12
to plataformate...@googlegroups.com
Hey Carlos I ended doing just that, i was reluctant to do it because
the way it looked, in the end it is easier just to style the disabled
element with CSS so that it doesnt look 'disabled' but it is.
Final question, would
template.content_tag :span, @builder.object.send(attribute_name)
be used in a view or inside a CustomInput?
thanks
Rene Mendoza
the way it looked, in the end it is easier just to style the disabled
element with CSS so that it doesnt look 'disabled' but it is.
Final question, would
template.content_tag :span, @builder.object.send(attribute_name)
be used in a view or inside a CustomInput?
thanks
Rene Mendoza
Carlos Antonio da Silva
Jun 25, 2012, 10:41:14 AM6/25/12
to plataformate...@googlegroups.com
Rene, that template.content_tag call would replace your <span> tag concatenation thing, to ensure the content is properly html escaped, avoiding xss attacks.
At.
Carlos Antonio
Reply all
Reply to author
Forward
0 new messages