Testing for XSS in Markdown Fields
If you render Markdown from user input, an attacker might be able to use this to inject JavaScript code into...
Error handling in DOM event listeners
When an event listener on a DOM element throws an error, that error will be silenced and not interrupt your...
Test-Driven Development with integration and unit tests: a pragmatic approach
Test-Driven Development (TDD) in its most dogmatic form (red-green-refactor in micro-iterations) can be tedious. It does...
Quick HTML testing with RubyMine
If you need to test some HTML, e.g. an embed code, you can use RubyMine's "scratch files":
Always convert and strip user-provided images to sRGB
Debugging image color profiles is hard. You can't trust your eyes in this matter, as the image rendering depends...
ActiveSupport includes Timecop-like helpers
ActiveSupport (since 4.1) includes test helpers to manipulate time, just like the Timecop gem: To travel a relative amount of...
Unpoly: Testing values for presence or blankness
In Ruby on Rails, all objects have a useful blank? method. It returns true for nil but also for empty...
Documenting your Rails project's Node.js version in .nvmrc
Not all versions of Node.js are compatible with each other. Also npm packages may require a minimum or maximum version...
Capybara: Testing file downloads
Download buttons can be difficult to test, especially with Selenium. Depending on browser, user settings and response headers, one of...
SameSite cookies
TL;DR Most web applications do not require action on this. SameSite=None (old browser default) will continue to work...
Talk: Elasticsearch basics and Rails integration with searchkick
What is Elastic? A search engine based on Apache Lucene; mostly open source; some commercial features ("Elastic Stack", formerly "X-Pack"); access rights...
RSpec: How to aggregate failures
RSpec >= 3.3 added aggregate_failures, which allows multiple failures in an example and lists them all, rather than aborting on...
JavaScript without jQuery (presentation from 2019-01-21)
We want to move away from jQuery in future projects. Motivations are performance, bundle size and general trends for...
Heads up: Sidekiq per default silently fails when retries are exhausted!
For Sidekiq to be able to retry your jobs it has to be able to catch errors that occur while...
Best practices: Large data migrations from legacy systems
Migrating data from a legacy into a new system can be a surprisingly large undertaking. We have done this a...
How to make changes to a Ruby gem (as a Rails developer)
At makandra, we've built a few gems over the years. Some of these are quite popular: spreewald (> 1M downloads...
Carrierwave: Built-in RSpec matchers
CarrierWave comes with some RSpec matchers which will make testing more comfortable. Let's say you have an Uploader like...
Capybara: A step for finding images with filename and extension
This cucumber step is useful for testing an image (looking at the src of the image). Then(/^I should see...
HTML: Making browsers wrap long words
By default, browsers will not wrap text at syllable boundaries. Text is wrapped at word boundaries only. This card explains...
HTTPie nice command line HTTP client
HTTPie consists of a single http command designed for painless debugging and interaction with HTTP servers, RESTful APIs, and web...
JavaScript: Testing the type of a value
Checking if a JavaScript value is of a given type can be very confusing: There are two operators typeof and...
Spreewald: Content-Disposition not set when testing a download's filename
You are not using JavaScript tests. The file is served from a public folder (not via controller). Problem description...
Fixing flaky E2E tests
An end-to-end test (E2E test) is a script that remote-controls a web browser with tools like Selenium...
Async control flow in JavaScript: Promises, Microtasks, async/await
Slides for Henning's talk on Sep 21st 2017. Understanding sync vs. async control flow. Talking to synchronous (or "blocking...