simple_format ignores Rails' XSS protection. Even when called with an unsafe string, HTML characters will not be escaped or stripped! Instead simple_format calls sanitize on each of the...
...you need to escape yourself: simple_format(h(user_input)) If you're using Rails 7.1 you can also customize the sanitize options that simple_format uses. E.g. if you...
...animation: none !important; } To only include these styles for tests, see Detect the current Rails environment from JavaScript or CSS. Disabling animations in Unpoly In Unpoly you can globally disable...
...argument('--disable-smooth-scrolling') Related cards Does or scroll the page? Detect the current Rails environment from JavaScript or CSS Disable concurrent AJAX requests in tests In applications that do...
Note that when your app is a web app, the console running your rails server will pause the server and show the debugging console. Your browser will "hang" while...
If you need to debug code that is part of a gem like rails, just (temporarily) add a puts or debugger statement to its source files. Ruby is an...
...a named scope like Post.active and use that. Learn Resources Active Record Query Interface Rails Database Best Practices ActiveRecord: Specifying conditions on an associated table Preload, Eagerload, Includes and Joins...
...Battling n+1 Queries in Rails Tips Preventing scopes from loading A scope like User.where(email: 'foo@bar.com') does not make an SQL query. It simply returns a scope object for...
...but give sub-classes a way to override values without affecting the parent class. Rails has many helpers for this such as class_attribute and class_inheritable_accessor. Unfortunately their...
...semantics are hard to understand, the helpers available differ for different versions of Rails and the behavior is subtly different. Make sure you read and understand the API before using...
...to be released when the block ends. Example: RSpec::Mocks.with_temporary_scope do allow(Rails).to receive(:env).and_return('production'.inquiry) puts Rails.env # prints "production" end puts Rails.env # prints...
To allow HTTP 304 responses, Rails offers the fresh_when method for controllers. The most common way is to pass an ActiveRecord instance or scope, and fresh_when will set...
The problem It might seem simple enough to just say: updated_at = Rails.cache.fetch('updated_at_of_expensive_scope') fresh_when last_modified: updated_at The example above calls...
Understand how nested attributes appear in the params. See how the Rails form helpers encode the names of nested inputs. Understand how the record and all of its nested...
...saved in a transaction. That means the entire structure is saved or not. Resources Rails Guide: Nested forms Nested Forms in Rails Popular mistakes when using nested forms When aggregating...
...at the same time have a .where on an included table, two things happen: Rails tries to load all involved records in a huge single query spanning multiple database tables...
...activity.reload.users.ids # => [1, 2, 3, 4] Or you can reset the association cache: activity.users.reset # newer Rails activity.users(true) # old Rails In newer Rails versions you should prefer to use joins and...
...you thought it would be, you don't understand how XSS protection works in Rails. Calling html_safe on the joined array will incorrectly bless the complete string as safe...
...string].join(' ').html_safe # will incorrectly render as ' foo bar ' with unescaped tags Good Rails >=3 safe_join([unsafe_string, safe_string], ' ') # will correctly render as '<span>foo...
...runs; Code Reviews include test badge; Automatically merge a PR on green tests Upgrade Rails 5 0 - 5 New Rails features are accessible Replace slider framework 4 4
...load associated records if you know you need to access them later on. The Rails docs say: Eager loading is supported with polymorphic associations. This is true, but has some...
...and include their current versions' primary media... Page.includes(:current_version => :primary_medium).to_a ... Rails will produce 4 queries: Page Load (0.7ms) SELECT "pages".* FROM "pages" PageVersion Load...
Rails applications and ruby gems should have a README that gives the reader a quick overview of the project. Its size will vary as projects differ in complexity, but there...
...be written atop the class file. Structure I suggest the following outline for a Rails project's README, using the very readable Markdown language: # App title Describe the whole project...
Accept: application/json This means the client will only understand JSON responses. When a Rails action is done, it will try to render a template for a format that the...
...pages/foo, application/foo with {:locale=>[:de], :formats=>[:json], :handlers=>[:erb, :builder, :haml]} This is because Rails tried to find a template like foo.js.erb but all it found was foo.html.haml (which the...
...the threads terminate. This only affects threads that use ActiveRecord. You can rely on Rails' various clean-up mechanisms to release connections, as outlined below. This may cause your application...
...will allow in total. You can configure the maximum number of connections for each Rails process. This is called the size of your connection pool. The default pool size is...
gem 'super_diff' Require it in your spec_helper.rb require 'super_diff/rspec' # For Rails applications you can replace this with 'super_diff/rspec-rails' Customize colors in spec/support/super_diff.rb SuperDiff.configure do |config...
...contain exactly "XXX" ActiveRecord::Base is monkey patched by super_diff/rspec-rails (includes rspec and rails) super_diff/rails (includes active_record and active_support) super_diff/active_record This means that you have...
...ordered by ID because they need to be able to iterate in batches. Modern Rails will raise an error if you try order yourself. If you are on Rails...
...aware that find calls inside the block are implicitly scoped. This is fixed in Rails...
...for storing time of day in the format hh:mm:ss, neither Ruby nor Rails themselves offer an elegant way to deal with day times. Time and DateTime both handle...
...for Ruby 3.3: A nice API for the official Ruby standard library Ruby on Rails Since you will use Rails more than any other gem, you will always want its...
...documentation to be close: Rails API Rails guides ActiveSupport ActiveSupport extends core classes in Ruby. We are so used to having ActiveSupport around that we don’t even think of...
...note that some of the functions edge_rider provides have native implementations in newer rails versions. Useful in applications Relation#traverse_association(*names) Edge Rider gives your relations a method...
...These utilities are mostly useful in libraries that need to support multiple versions of Rails. They offer a unified interface across Rails versions. Relation#collect_ids You should not use...
...Using unguessable URLs. This is fast (because Apache can deliver assets without going through Rails), but less secure. When going with the "unguessable URL" approach, it is possible to somewhat...
...with SecureRandom.hex(32), and also put it as url_signature_secret into your secrets.yml. Rails helper To generate an expiring URL, use the following helper: def sign_public_path(path...
...field that is handled by Carrierwave uploaders (or maybe any other attachment solution for Rails) in tests allows different approaches. Here is a short summary of the most common methods...
...RSpec looks for fixture files: RSpec.configure do |config| config.file_fixture_path = "spec/custom_directory" end Alternatives: Rails.root.join('spec/fixtures/files/avatar.jpg').open('r') Rails.root.join('spec/fixtures/files/avatar.jpg').read File.open('spec/fixtures/files/avatar.jpg') (might only work if you run the...
...only list versions that are allowed by your Gemfile requirements (e.g. does not show rails update to 6 if your Gemfile has the line gem 'rails', '~>5.2'). I also experienced...
...worldwide by developers looking for help and tips on web development with Ruby on Rails and DevOps. 15 years ago – in 2009 – we wrote our first card. Since then, over...
...in makandra cards We gain the most experience in web development and Ruby on Rails in our day-to-day work, as web development is our largest team and we...