simple_format ignores Rails' XSS protection. Even when called with an unsafe string, HTML characters will not be escaped or...
Rails' url_for is useful for generating routes from a Hash, but can lead to an open redirect vulnerability.
When changing the glibc version, it's possible that the upgrade also includes changes to how locales work.
In a web application you sometimes have tasks that cannot be processed during a request but need to go...
When two classes implement the same behavior (methods, callbacks, etc.), you should extract that behavior into a trait or module. This card describes how to test that extracted behavior without...
...repeating yourself. Note that the examples below use Modularity traits to extract shared behavior. This is simply because we like to do it that way at makandra. The same techniques...
...diverge from remote code. These exercises emulate such situations. You are free to apply better naming conventions to the requested commit messages, they are only kept short here to fit...
...to cancel event propagation, each with different semantics. event.preventDefault(): Only prevents the default browser behavior for the click, i.e. going to a different url or submitting a form.
In the Gitlab settings the flag Auto-cancel redundant pipelines is enabled by default. This auto-cancels pipelines with jobs...
This card explains how to generate an entity relationship diagram for your Rails application. We also show how to limit...
I encountered an unlucky behavior of byebug 11.1.3 (the most recent version at time of writing) when using it with Rails 6 and its new autoloading component, zeitwerk. There...
Learn to store attachments in a way that is accessible by authorized users only. Learn to prevent users from...
For Rails models where only one of multiple attributes may be filled out at the same time, there is no...
Since I use this a lot in my daily work and there were no scripts working properly for me, I...
Building application assets with esbuild is the new way to do it, and it's great, especially in combination with...
I recently enjoyed debugging a Cucumber step that tried to be retryable using a patiently block: Then /^"([^"]*)" should( not)? be...
When you replace parts of the DOM with new HTML, using .innerHTML = newHtml is usually the simplest and fastest option...
In RSpec you can tag examples or example groups with any tags you like simply by saying describe ReportCreator, slow...
Within a Flexbox layout, there are multiple CSS attributes that may affect a child's basis (the initial width before...
...It's much easier to detect the current Rails environment instead. You might be better off checking against the name of the current Rails environment. To do this, store the...
You can use local copies of gems in your Gemfile like this: gem 'spreewald', path: '~/gems/spreewald' As soon as you...
IRB 1.2 (shipped with Ruby 2.7, but works on 2.5+) brings pretty syntax highlighting and multiline cursor navigation. However, pasting...
Bundler allows you to specify the name of the Gemfile you want to bundle with the BUNDLE_GEMFILE environment variable...
Timecop is a great gem to set the current time in tests. However, it is easy to introduce flakiness to...
...the joins, and then authors for the pluck clause. The first corresponds to the belongs_to relationship, and the latter is the name of the db table. You could even...