...an attacker might be able to use this to inject JavaScript code into the source code of your page. The linked GitHub page is a collection of common Markdown XSS...
...which is handy for writing tests. Producing arbitrary links: [Basic](javascript:alert('Basic')) [Local Storage](javascript:alert(JSON.stringify(localStorage))) [CaseInsensitive](JaVaScRiPt:alert('CaseInsensitive')) [URL](javascript://www.google.com%0Aalert('URL'))
When you're getting this error, one possibility is that you've created a select field for an association instead of the associated object's id. Example: form.select :unit, Unit.for...
will be expected to deliver a real Unit object, whereas form.select :unit_id, Unit.for_select will make Rails typecast the String value from the select field to the unit...
You have to specify the environment with -e env_name or RAILS_ENV=env_name if you want to run a script on the server. In Rails 2 it's...
bundle exec script/runner -e env_name path/to/script.rb argument1 argument2 ... In Rails 3 it's rails runner: RAILS_ENV=env_name bundle exec rails runner path/to/script.rb argument1 argument2...
PostgreSQL and ActiveRecord have good support for storing dynamic attributes (hashes) in columns of type JSONB. But sometimes you are missing some kind of validation or lookup possibility (with...
...plain attributes you can use Active Record's built-in validations and have your schema.rb). One approach to being stricter with dynamic attributes is to use JSON Schema validations...
...as expected with your Unpoly app. This is because your app only has a single page load when the user begins her session. After that only fragments are updated and...
...up.compiler('[track-for-analytics]', function($element) { var url = $element.attr('track-for-analytics') || location.pathname; ga('set', 'page', url); ga('send', 'pageview'); }); Finally look for containers that represent trackable content, and give...
JavaScript engines such as Google’s V8 (Chrome, Node) are specifically designed for the fast execution of large JavaScript applications. As you develop, if you care about memory usage and...
...what’s going on in your user’s browser’s JavaScript engine behind the scenes...
The colors in Rails log files are helpful when watching them but, since they are ANSI color codes like ^[[4;36;1m, can be annoying when you are reading the...
...that just prints those control characters (like less or vim). Remove them with sed: cat staging.log | sed -r "s/\x1B\[([0-9]{1,3}((;[0-9]{1,3})*)?)?[m...
Sometimes you want Angular to watch an object only until a certain state is reached (e.g. an object appears in the scope). Angular's $watch returns a method that you...
...can call to remove that watch. For example: unwatch = $scope.$watch 'user', (user) -> if user?
unwatch()
require 'logger' log = Logger.new('log/mylog.log') log.info 'Some information' log.debug 'Debugging hints' log.error StandardError.new('Something went wrong') Logger does a number of things well: Message type (info / debug / error...
Log entries are timestamped. Writing log output is synchronized between threads. Logged errors are printed with full backtraces. If you don't like the output format, you can...
...call model.save! after recreating versions. uploader.recreate_versions! does not update the model with the stored filename...
DevDocs combines multiple API documentations in a fast, organized, and searchable interface. Here's what you should know before you start: You don't have to use your mouse — see...
...the list of keyboard shortcuts. The search supports fuzzy matching (e.g. "bgcp" brings up "background-clip"). To search a specific documentation, type its name (or an abbreviation), then Tab.
An unresponsive service can be worse than a down one. It can tie up your entire system if not handled properly. All network requests should have a timeout.
...You should avoid Ruby’s Timeout module. The default is no timeout, unless otherwise specified. Enjoy...
I use the TypeScript compiler for this, since its output is more minimal than Babel's. The following will transpile all src/*.js files into a file build.js:
npx tsc src/*.js --target ES5 --allowJs --outFile build.js The output will only transpile ES6 syntax. It will not include any polyfills for missing APIs...
Select2 comes with AJAX support built in, using jQuery's AJAX methods. ... For remote data sources only, Select2 does not create a new element until the item has been selected...
query: params.term, page: params.page || 1 } } processResults: function (data, params) { return data }, } }); Further reading: https://select2.org/data-sources/ajax
...image formats like JPG or PNG, each pixel is basically drawn on a fixed size canvas. To display such an image in a different size (say: 1.5 times larger than...
...Monitor) needs to interpolate the color values of missing pixels. The image will appear slightly blurred. This is different for vector graphics like the SVG (Scalable Vector Graphics) format. You...
Sometimes you accidentally generate entries in the bash history that you do not want to have there (e.g. commands with credentials). Here's how to remove single entries.
...look at the bash history with the history command. To see e.g. the last 5 entries, use history | tail -n 5: >history | tail -n 5 1994 my-secret-command...
...file, that don't use Ruby's logger utility, it is often useful to sync them, so that other processes can read the output just in time. Example with enabled sync...
File.read(log_path) #=> "Some log message\nSome other message\n" Example with disabled sync (default) log_path = '/tmp/some_log.log' log_file = File.open(log_path, 'a+') log_file.puts('Some log message')
...end up with web page bloat. But loading a webpage is much more than shipping bytes down the wire. Once the browser has downloaded our page’s scripts it then...
...dive into this phase for JavaScript, why it might be slowing down your app’s start-up & how you can fix it. The article author also tested 6000+ production sites...
.../.bashrc to have it always available. Adjust to your needs. Usage $> tab_title # title set to the current directory's name $> tab_title new_title # title set to "new_title...
...Auto-setting the title If you want your title to update each time you change the working directory, put this code after the function definition. # auto-title cd() { builtin cd...
Let's say you want to merge the properties of two JavaScript objects: let a = { foo: 1, bar: 2 } let b = { bar: 3, baz: 4 } let merged = merge(a, b...
...foo: 1, bar: 3, baz: 4 } Depending on your build, there are several ways to implement merge(). When you have ES6 When you have an ES6 transpiler or don't...
Here is some JavaScript code that allows you to click the screen and get the clicked element's text contents (or value, in case of inputs). The approach is simple...
...element. When you click the overlay, we look up the element underneath it and show its text in a browser dialog. You can then copy it from there.
...duplication from the code is a seemingly easy task. In many cases it is pretty straightforward – you look at similar bits of code and you move them to a...
...in other places. Right? No, not really. It is true that code that looks similar might be an indicator that there’s a duplication but it’s not the definitive...
...run by your web browser. As any JavaScript, you include a link to the script in your HTML, and…that’s that. LESS is now going to process LESS code...
...formatting. Headers, paragraphs, lists, it’s all good. What about the formatting of text in single-line text fields? If our form entry is a single line, that’s usually...