Steve Schwartz
Steve Schwartz
Huh. Weird that we didn't have this. [Here is the relevant HTML spec](https://dev.w3.org/html5/spec-author-view/the-select-element.html#the-select-element) which states that `select` inputs may have the `required` attribute and be enforced. I haven't run the...
I had this problem too. Seems to have been caused by `attr_protected :project_id`, though I'm not sure why, because the `status.project_id` was being set explicitly. I'm going to chalk it...
Sorry, I had to go back and read through the conversation from #307 to remind myself of the initial intent and discussion. There are a few issues with this PR...
@KODerFunk Awesome, sounds good! Thanks!
Same problem here, working with Rails 3.0.5, Passenger 3.0.5, and Nginx on Amazon EC2.
This could probably be done without too much difficulty. Question: if an input is already disabled, do we want to re-disable it with the `data-disable-with` text and then return it...
@bwillis Just to clarify (and unless I'm misunderstanding), this potential exploit only works if the application developer is allowing their users to submit raw HTML links with arbitrary attributes and...
@RSO Not at all. Just wanted to make sure I had a good understanding of the issue and sense of the severity.
Good deal. Thanks for the test! I'll pull this in, and release a new jquery-rails gem soon.
I can't get this test to fail in the old version of jquery-ujs. I think I may be missing something.