0

In my form I want to ignore some input fields on form submit.

I'm using `prop('disabled', true)` to disable the fields, but they are still being submitted.

This only happens on remote forms. What could it be?

I'm using turbolinks, rails and jquery

Turning remote form to regular full page reload is not an option in this case (modals and stuff)

Nicos Karalis

2 Answers

1

I was having the exact same problem (needed to disable and enable some fields according to user interaction). Solved it by using branch 5-1-stable. (it was 5.1.2 before)

```ruby
gem 'rails', git: 'https://github.com/rails/rails.git', branch: '5-1-stable'
```

and update your Rails gem

```
bundle update rails
```

This pull request solved the issue.

Note: The application I'm working on is not yet in production, so I don't have any problem now in using the stable branch. If you need a more conservative approach maybe try using 5.1.4 instead, and check if the commit from the link above is included in the repo.


If you can't change your rails gem version, another solution could be to remove or to empty the `name` attribute of the inputs that you don't want to be submitted. If you check the change in the pull request you can see that currently rails-ujs is removing from the params those fields that have no `name` attribute. So, removing/setting this attribute in the fields as you need them should work (I didn't try this though). Maybe something like this:

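```javascript
// 'Disable' the fields: remember each name, then blank it so the input is not serialized.
// :disabled also matches inputs disabled via prop('disabled', true),
// which an exact [disabled="disabled"] attribute match can miss.
$('your-inputs-selector:disabled').each(function(idx, elem) {
  var $elem = $(elem);
  $elem.data('input-name', $elem.attr('name'));
  $elem.attr('name', '');
});
// 'Re-enable' the fields: restore the saved name where one was stored.
$('your-inputs-selector').each(function(idx, elem) {
  var $elem = $(elem);
  var name = $elem.data('input-name');
  if (name !== undefined) {
    $elem.attr('name', name);
  }
});
```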

Hope this helps.

gasc
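The rule the answer above depends on, as an added example that is not part of the original answer and is not rails-ujs code: a serializer that skips controls that are disabled or have no name, the way a native form submission does. Plain objects stand in for DOM inputs so it runs in Node; `serializeControls`, `fields` and the sample values are constructed for illustration, and file inputs and the submitter button are simply left out.

```javascript
// Added example. Input types this sketch never serializes.
const SKIPPED_TYPES = new Set(['submit', 'button', 'reset', 'image', 'file']);

// Build an application/x-www-form-urlencoded body from control records.
function serializeControls(controls) {
  const params = new URLSearchParams();
  for (const c of controls) {
    // Disabled or nameless controls contribute nothing to the request.
    if (c.disabled || !c.name) continue;
    const type = (c.type || 'text').toLowerCase();
    if (SKIPPED_TYPES.has(type)) continue;
    // Checkboxes and radios only count when checked.
    if ((type === 'checkbox' || type === 'radio') && !c.checked) continue;
    params.append(c.name, c.value == null ? '' : String(c.value));
  }
  return params.toString();
}

// Constructed sample: one form carrying the fields for both user types.
const fields = [
  { name: 'user[type]', type: 'radio', value: 'company', checked: true },
  { name: 'user[type]', type: 'radio', value: 'person', checked: false },
  { name: 'company_name', type: 'text', value: 'Acme & Co' },
  { name: 'name', type: 'text', value: 'Jane Doe', disabled: true }, // hidden for this type
  { name: '', type: 'text', value: 'stays in the page only' },       // nameless
  { name: 'commit', type: 'submit', value: 'Save' },
];

// Re-enabling a field later sends its unchanged value again.
function withEnabled(controls, fieldName) {
  return controls.map((c) =>
    c.name === fieldName ? Object.assign({}, c, { disabled: false }) : c);
}

console.log(serializeControls(fields));
console.log(serializeControls(withEnabled(fields, 'name')));
```

Running the same check against the body a remote form actually sends shows whether the serializer in use honours `disabled`; the server should still choose which parameter to trust, since a client can send any field.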
0

Don't access params directly, you'll want to sanitize them, here is an example with some pseudo code, assuming you only want comment title & body (all other params will be purged):

```ruby
class CommentController < ApplicationController
  def create
    Comment.create(comment_params)
  end

  private

  # Only :title and :body under :comment pass through; every other key is dropped.
  def comment_params
    params.require(:comment).permit(:title, :body)
  end
end
```
DivXZero
  • I completely agree with you, but the problem is on the html portion, not the controller. The form will have a browser validation. If given option is selected some fields will be disabled and not submitted, but later on the user can change the option and the disabled fields will be enabled with the values unchanged. – Nicos Karalis Nov 19 '17 at 05:49
  • @NicosKaralis hmm, you could just not set the name of the input, that should prevent any values from being passed: https://stackoverflow.com/questions/3008035/stop-an-input-field-in-a-form-from-being-submitted – DivXZero Nov 19 '17 at 05:52
  • I don't want to lose the user input, real example: a user can be of two types, each type requires different attributes. The form has fields for all attributes, but hides the ignored ones. On the server I will just test `@user.name = params[:company_name].present? ? params[:company_name] : params[:name]`, this works on forms `local: true`, but I need on remote forms too – Nicos Karalis Nov 19 '17 at 05:55