simple_format ignores Rails' XSS protection. Even when called with an unsafe string, HTML characters will not be escaped or stripped! Instead simple_format calls sanitize on each of the...
...to escape yourself: simple_format(h(user_input)) Custom sanitization If you're using Rails 7.1 you can also customize your sanitize opions that simple_format uses. E.g if you...
Debugging performance issues in your Rails app can be a tough challenge. To get more detailed insights consider using the rack-mini-profiler gem. Setup with Unpoly Add the following...
...up.link.config.noFollowSelectors.push('.profiler-results a') document.addEventListener('up:link:follow', () => { if (window.MiniProfiler !== undefined) { window.MiniProfiler.pageTransition() } }) } # config/initializers/rack_mini_profiler.rb if Rails.env.development? Rails.application.config.to_prepare do Rack::MiniProfiler.config.position = 'top-right' # positon widget top-right Rack::MiniProfiler.config.skip_paths = [ # ignore...
...animation: none !important; } To only include these styles for tests, see Detect the current Rails environment from JavaScript or CSS. Disabling animations in Unpoly In Unpoly you can globally disable...
...argument('--disable-smooth-scrolling') Related cards Does or scroll the page? Detect the current Rails environment from JavaScript or CSS Disable concurrent AJAX requests in tests In applications that do...
...to add associations across those records, if they are related in some way. The Rails sandbox In development, Rails' sandbox mode might be useful. Testing and the migration codebase
...shoulda-matchers gem gives you some RSpec matchers to test the application of standard Rails validations. Under the hood should-matchers uses the same recipe as outlined above (set invalid...
...screen_name is not a palindrome. Since that check is not possible with standard Rails validations, we write a custom validation method like this: class User < ActiveRecord::Base validate :validate...
...add support for parallel tests. You can easily do that by setting config.root: config.root = "#{Rails.public_path}/system/#{Rails.env}#{ENV['TEST_ENV_NUMBER']}".freeze For debugging purposes (e.g. trying to hunt...
...separate environment. You you could read from an ENV variable instead of using your Rails.env. Suggested configuration In total, here is a suggested configuration that you can put into config/initializers/carrierwave.rb...
I recently stumbled upon the Rails feature composed_of. One of our applications dealt with a lot of addresses and they were implemented as 7 separate columns in the DB...
...enforced that. Because I used a regular class, I had to build it myself. The Rails-native readonly is sadly only available with ActiveRecord, not with ActiveModel. It would have...
{ page_count: match[1].to_i } else {} end end rescue StandardError => e Rails.logger.error("PdfAnalyzer failed to parse metadata: #{e.message}") {} end def self.analyze_later? true # default end end # config/initializers/active_storage.rb...
...Rails.application.config.active_storage.analyzers.append PdfAnalyzer # db/migrate/xxxxx_add_pdf_analyzer.rb class AddPdfAnalyzer < ActiveRecord::Migration[8.0] def up pdf_blobs = ActiveStorage::Blob.where(content_type: 'application/pdf') # Mark all existing PDF blobs as to-be-analyzed-again pdf_blobs.find_each do...
...lot more gems than you think. E.g. when you do this: bundle update cucumber-rails ... you might think this will only update cucumber-rails. But it actually updates cucumber-rails...
...breaking API changes. Which is all the time. In the example above updating cucumber-rails will give you Capybara 2.0 (because capybara is a dependency of cucumber-rails), which will...
...using ActiveStorage's disk service. This means that stored files are served by your Rails application, and every request to a file results in (at least!) one non-trivial log...
...an example of what loading a single in an example application writes to the Rails log. Started GET "/rails/active_storage/blobs/redirect/..." for ::1 at ... Processing by ActiveStorage::Blobs::RedirectController#show as SVG...
...but give sub-classes a way to override values without affecting the parent class. Rails has many helpers for this such as class_attribute and class_inheritable_accessor. Unfortunately their...
...semantics are hard to understand, the helpers available differ for different versions of Rails and the behavior is subtly different. Make sure you read and understand the API before using...
...can never change them without forcing users to empty their cache. Note By default Rails sends a header Cache-Control: max-age=0, private, must-revalidate with all responses, including...
...cached by browsers. You do need to pay attention if you redirect outside of Rails, e.g. via your web server configuration. Dealing with incorrectly cached redirects The only fix is...
Empty CSPs with send_file If you use send_file from a Rails controller, you can send potentially dangerous files with an inline disposition iff you also send...
...would execute active content): Content-Disposition: attachment If you use send_file from a Rails controller, the default disposition is attachment. You can also set it explicitly: send_file @attachment.path...
...runs; Code Reviews include test badge; Automatically merge a PR on green tests Upgrade Rails 5 0 - 5 New Rails features are accessible Replace slider framework 4 4
...sure not to mess with that. Related cards If you are using Ruby on Rails, a use case / implementation might look like Rails 3: Sending tempfiles for download.
...ALLOW_REMOTE_DATABASE_URL: 'true' DATABASE_URL: postgres://postgres:postgres@localhost:5432/test PGTZ: 'Europe/Berlin' RAILS_ENV: test TZ: 'Europe/Berlin' strategy: matrix: partition: [ 0, 1, 2, 3 ] # Keep in sync with...
...uses: actions/checkout@v4 - uses: ./.github/actions/setup-node - uses: ./.github/actions/setup-ruby - name: Setup database schema run: bundle exec rails db:create db:schema:load - name: Precompile assets run: bundle exec rails assets:precompile
...for consumption in browsers. Webpacker is a wrapper around webpack that handles integration with Rails. This is a short introduction. Installation If you haven't already, you need to install...
...x is still current! in your Gemfile. Run bundle install Finally, run bundle exec rails webpacker:install Alternatively, you can add webpacker from the start when creating a new Rails...
Rails has always included a scaffold script that generates a default controller implementation for you. Unfortunately that generated controller is unnecessarily verbose. When we take over Rails projects from other...
...We prefer a different approach. We believe that among all the classes in a Rails project, controllers are some of the hardest to test and understand and should receive special...
The same applies to files in Carrierwave. Variant: Deliver attachments through Rails The first way is to store Paperclip attachments not in the default public/system, but in...
...can be configured like this: class Note < ActiveRecord::Base has_attached_file :attachment, :path => ":rails_root/storage/:rails_env/attachments/:id/:style/:basename.:extension" end To link to the protecting controller actions...
etag { current_user&.id } etag { current_user&.updated_at } end Under the hood, Rails generates an ETag header value like W/"f14ce3710a2a3187802cadc7e0c8ea99". In doing so, all objects from that...
...etag { current_user&.updated_at&.to_f } end You might even want to patch Rails' etagging logic so you don't have to remember doing that. Here you go:
content_type_1.match(/\Aimage\/(jpeg|png)\z/) # => nil content_type_2.match(/\Aimage\/(jpeg|png)\z/) # => Rails Newer Rails explicitly warns you, when you use ^ and $ in validations with a regular expression...
...comparison can often be seen with simple string comparison like so. # ❌ Not recommended if Rails.version > '6.1.7.8' || RUBY_VERSION > '3.1.4' raise Error, 'please check if the monkey patch below is still...
...comparison above works by coincidence. But chances are that you are not: For example, Rails version 6.1.10.8 would not raise an error in the code block above, because in an...
Accept: application/json This means the client will only understand JSON responses. When a Rails action is done, it will try to render a template for a format that the...
...pages/foo, application/foo with {:locale=>[:de], :formats=>[:json], :handlers=>[:erb, :builder, :haml]} This is because Rails tried to find a template like foo.js.erb but all it found was foo.html.haml (which the...
...of form.fields_for. You forgot to use accepts_nested_attributes in the containing model. Rails won't complain, but nothing will work. In particular, nested_form.object will be nil.
You are not setting the inverse_of for a has_many through association. Rails will then not be able to process a collection assignment, since it can't find...