...an attacker might be able to use this to inject JavaScript code into the source code of your page. The linked GitHub page is a collection of common Markdown XSS...
...which is handy for writing tests. Producing arbitrary links: [Basic](javascript:alert('Basic')) [Local Storage](javascript:alert(JSON.stringify(localStorage))) [CaseInsensitive](JaVaScRiPt:alert('CaseInsensitive')) [URL](javascript://www.google.com%0Aalert('URL'))
...was a typical approach for object-oriented languages, designed in the 90s. A thread is a sequence of instructions that can be scheduled and executed in the context of a process. Several...
...at the same time. Ruby’s VM process allocates a memory heap, which is shared and writable by threads. If incorrectly coordinated, those threads can lead to unexpected behaviors...
...call model.save! after recreating versions. uploader.recreate_versions! does not update the model with the stored filename...
require 'logger' log = Logger.new('log/mylog.log') log.info 'Some information' log.debug 'Debugging hints' log.error StandardError.new('Something went wrong') Logger does a number of things well: Message type (info / debug / error...
Log entries are timestamped. Writing log output is synchronized between threads. Logged errors are printed with full backtraces. If you don't like the output format, you can...
PostgreSQL and ActiveRecord have good support for storing dynamic attributes (hashes) in columns of type JSONB. But sometimes you are missing some kind of validation or lookup possibility (with...
...plain attributes you can use Active Record's built-in validations and have your schema.rb). One approach to being more strict with dynamic attributes is to use JSON Schema validations...
2.ordinalize # => "2nd" 1002.ordinalize # => "1002nd" 1003.ordinalize # => "1003rd" -11.ordinalize # => "-11th" -1001.ordinalize # => "-1001st...
An unresponsive service can be worse than a down one. It can tie up your entire system if not handled properly. All network requests should have a timeout.
...You should avoid Ruby’s Timeout module. The default is no timeout, unless otherwise specified. Enjoy...
I use the TypeScript compiler for this, since its output is more minimal than Babel's. The following will transpile all src/*.js files into a file build.js:
npx tsc src/*.js --target ES5 --allowJs --outFile build.js The output will only transpile ES6 syntax. It will not include any polyfills for missing APIs...
When CoffeeScript was added to Rails 3.1 they forgot one very important part, the ability to use it when responding...
...dependency of capybara gem 'nokogiri', '< 1.6' # dependency of capybara gem 'rubyzip', '< 1' # dependency of selenium-webdriver, rubyzip 1+ requires Ruby 1.9 gem 'cucumber_factory' gem 'database_cleaner', '< 1'
...spinner', '~> 0.2.5' gem 'launchy', '~> 2.1.2' With these versions set, selenium-webdriver will be at version 2.35.1. This is because all later versions depend on rubyzip 1+. More info. After upgrading...
...image formats like JPG or PNG, each pixel is basically drawn on a fixed size canvas. To display such an image in a different size (say: 1.5 times larger than...
...Monitor) needs to interpolate the color values of missing pixels. The image will appear slightly blurred. This is different for vector graphics like the SVG (Scalable Vector Graphics) format. You...
Sometimes you accidentally generate entries in the bash history that you do not want to have there (e.g. commands with credentials). Here's how to remove single entries.
...look at the bash history with the history command. To see e.g. the last 5 entries, use history | tail -n 5: >history | tail -n 5 1994 my-secret-command...
Select2 comes with AJAX support built in, using jQuery's AJAX methods. ... For remote data sources only, Select2 does not create a new element until the item has been selected...
query: params.term, page: params.page || 1 } } processResults: function (data, params) { return data }, } }); Further reading: https://select2.org/data-sources/ajax
...file, that don't use Ruby's logger utility, it is often useful to sync them, so other processes can read the output just in time. Example with enabled sync...
File.read(log_path) #=> "Some log message\nSome other message\n" Example with disabled sync (default) log_path = '/tmp/some_log.log' log_file = File.open(log_path, 'a+') log_file.puts('Some log message')
...aws-credential-file ./aws-credential.txt The output should look something like this: arn:aws:iam::322191361670:server-certificate/www.example.com arn:aws:iam::322191361670:server-certificate/testCert Now you have to upload...
...and includes the server certificate Amazon Resource Name (ARN) and GUID: arn:aws:iam::322191361670:server-certificate/www.example.com-2011 ASCACexampleKEZUQ4K If you got the error message similar to A client error...
Here is some JavaScript code that allows you to click the screen and get the clicked element's text contents (or value, in case of inputs). The approach is simple...
...element. When you click the overlay, we look up the element underneath it and show its text in a browser dialog. You can then copy it from there.
...To reconfigure later, call s3cmd --configure. Once you're done setting up, s3cmd gives you shell-like commands like s3cmd ls or s3cmd del somefile.png. Here is a full list...
s3cmd accesslog s3://BUCKET Sign arbitrary string using the secret key s3cmd sign STRING-TO-SIGN Sign an S3 URL to provide limited public access with expiry
.../.bashrc to have it always available. Adjust to your needs. Usage $> tab_title # title set to the current directory's name $> tab_title new_title # title set to "new_title...
...Auto-setting the title If you want your title to update each time you change the working directory, put this code after the function definition. # auto-title cd() { builtin cd...
...pattern below. The module pattern gives you basic class concepts like a constructor, private state, public methods. Since the module pattern only uses basic JavaScript, your code will run in...
...that we want to translate into JavaScript using the module pattern. It's a simple class with one private function: # Ruby class Dog def initialize(name) @name = name
Let's say you have two screens: (1) show a given project, (2) show a report for all projects. Ideally you want both screens to be handled by different controllers like this...
...action ProjectsController#report. But these are all unsatisfying. What you can do is wrap the sub-resource in a collection block like you would do with custom collection actions:
Using CSS sprites for background images is a technique for optimizing page load time by combining smaller images into a larger image sprite. There are ongoing arguments on how useful...
...this still is, as modern browsers become more comfortable loading images in parallel. However, many major websites still use them, for example Amazon, Facebook, or Twitter.
We often use VCR to stub external APIs. Unfortunately VCR can have problems matching requests to recorded cassettes, and these issues are often hard to debug. VCR's error messages...
...any way it will assume an error, because it cannot know how the system it mocks would answer a request it has not yet recorded. Some signs an error...
Let's say you want to merge the properties of two JavaScript objects: let a = { foo: 1, bar: 2 } let b = { bar: 3, baz: 4 } let merged = merge(a, b...
...foo: 1, bar: 3, baz: 4 } Depending on your build, there are several ways to implement merge(). When you have ES6 When you have an ES6 transpiler or don't...
...signal("mouse::enter", function(c) local focused = client.focus if focused and focused.class == c.class and focused.instance == "sun-awt-X11-XDialogPeer" and c.instance == "sun-awt-X11-XFramePeer" then return end if awful.layout.get...
...change that one). Known issues This will not affect "find anything" as IntelliJ uses a sun-awt-X11-XFramePeer for it. There are no properties which allow distinguishing the "find...