Recent Rails security updates have shown that people make incorrect assumptions about the possible contents of the params hash.

From Exploring ES6: Module imports are hoisted (internally moved to the beginning of the current scope). Therefore, it doesn’t matter where you mention them in a module and the...

makandra dev

Besides their default styling properties, HTML elements have a semantic meaning. For example, an h1 tag is usually styled with a larger font and bold, while it denotes "the single...

...HTML elements corresponding to the meaning of their content has a few advantages: HTML becomes a little clearer Edge cases have already been considered and implemented: Keyboard support (tabbing, arrow...

When your controller action raises an unhandled exception, Rails will look at the exception's class and choose an appropriate...

In the past we validated and set default values for boolean attributes in Rails, not in the database itself.

Understanding your type of cronjob Some cronjobs must only run on a single server. E.g. when you run nightly batch...

rspec.info

You can define methods in any example group using Ruby's def keyword or define_method method: describe "example" do...

...an integer with a string without explicit casting. Related security issue In authentication, this behavior may be used to match rows without knowing a secret token: Potential Query Manipulation with...

...Gemfile.lock carefully when submitting a commit. Note that the approach in this card works best if you use bundle outdated together with bundle update some_gem --conservative for major updates...

edgeapi.rubyonrails.org

The linked article suggests an interesting way to speed up tests of Rails + Postgres apps: PostgreSQL allows the creation of...

...in development. Note that there are services like badssl.com to test against weird SSL behavior. Self-signed certificates Talking to a host using a self-signed certificate will fail because...

...connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed Best case scenario: the remote system's administrator understands and fixes this issue.

Working with a self-signed certificate is much easier when the browser accepts it. Google Chrome Warnings from Chrome might...

...methods for calculating times and dates, like Duration#ago or Duration#from_now. But beware when using those, because they won't give you Dates or Times but ActiveSupport::TimeWithZone instances...

...your local timezone, but Rails.application.config.time_zone, which has UTC as default value. The mitigation Best case, you have already defined Rails.application.config.time_zone, as we recommend anyway. In this case you...

github.com

Setting array columns When using PostgreSQL array columns, you can set an array attribute to a value with square brackets...

georgemauer.net

If your application exports CSV, be advised that Excel and other spreadsheet applications treat certain cells (those starting with =, +, - or...

makandra dev

Today I got a better understanding of how git works, in particular what git checkout and git reset do. Git basics A commit holds a certain state of a directory...

By default, Devise sends all emails synchronously with deliver_now. To change that, Devise's readme suggests overwriting the send...

simple_format ignores Rails' XSS protection. Even when called with an unsafe string, HTML characters will not be escaped or...

keepachangelog.com

People do. Whether consumers or developers, the end users of software are human beings who care about what's in the software. When the software changes, people want to...

makandracards.com

...accept both optional and keyword arguments is dangerous and should be avoided. This confusing behavior will be deprecated in Ruby 2.7 and removed in Ruby 3, but right now you...

end end colored_p(User.new) # ArgumentError: unknown keywords: first_name, last_name This behavior is not very smart. The easy fix is just to never mix optional and keyword...

makandra dev

...be aware of its security implications. Both variants have options to change their default behaviour. Search engines and redirects If you have a public facing website that ranks on search...

Sometimes I run across a GitHub merge request of a gem where it is not completely obvious in which version...

jetbrains.com

In RubyMine, folders can be excluded from search, navigation etc. by marking them as excluded. You might sometimes wish to...

adactio.com

...their expected input (e.g. username, email, current-password, cc-number), browsers can offer a better autocomplete experience. There's a host of possible values. Try it live! Better Mobile Inputs...