...classes Page and Template. Both contain the same behavior: They have a string field #html which needs to be sanitized (stripped of malicious HTML) before validation: # app/models/page.rb class Page < ApplicationRecord...
...before_validation :sanitize_html private def sanitize_html self.html = Sanitize.clean(html) end end # app/models/template.rb class Template < ApplicationRecord before_validation :sanitize_html private def sanitize_html self.html = Sanitize.clean(html) end
...might upload content that hurts other users. Our primary concern here is users uploading .html or .svg files that can run JavaScript and possibly hijack another user's session.
...executing files that were downloaded from the internet. Attack example: Hijacking sessions with uploaded HTML or SVG files You run an app myapp.com. The attacker runs an app evil.com.
...more intuitive workflow when working with nested attributes in Rails + Unpoly: Without JS With HTML template and JS With HTML template and JS using dynamic Unpoly templates Adding Records via...
= task_form.check_box :_destroy = task_form.label :_destroy, "Remove task" = form.submit Adding nested records via template HTML with JS resources :variant_2_users, only: [:edit, :update] class Variant2UsersController < ApplicationController def edit
...an arbitrary route in your Rails application that is able to respond with regular HTML and JSON. By sending the specific MIME type in the Accept header, you tell the...
...application to either return HTML (text/html) or JSON (text/json). The problem is that Rails caches the response independently from the specified Accept header. This means that the first request made...
Capybara-screenshot can automatically save screenshots and the HTML for failed Capybara tests in Cucumber, RSpec or Minitest. Requires Capybara-Webkit, Selenium or poltergeist for making screenshots. Screenshots are saved...
...also use Rails' built-in ScreenshotHelper module available for Rails >= 5. Including assets in HTML screenshots for prettier presentation Note Capybara takes two kinds of screenshots: a regular image and...
...template for a format that the client understands. This means when all you have are HTML templates, a request that only accepts application/json will raise an error: An ActionView::MissingTemplate occurred...
You can choose not to care. Since e.g. making JSON requests for HTML services is not a supported use of your page, you don't have to support them...
...act like a layout. You can use this to extract common containers in your HTML. # _card.html.erb <%= yield %> # index.html.erb <%= render partial: 'card' do %> This is card content <% end %> <%= render partial: 'weather...
...Partials vs. Helpers I recommend avoiding helpers when rendering large chunks of HTML and using a partial instead. If your helper method requires a large chunk of...
...page to visitors. Disables your application's web interface by writing a #{maintenance_basename}.html file to each web server. The servers must be configured to detect the presence of...
cap maintenance:disable Makes the application web-accessible again. Removes the #{maintenance_basename}.html page generated by maintenance:disable, which will make your application web-accessible again.
...re-render the view for unchanged content, you don't need to send unchanged HTML over the network. Tip With the default ETag you don't need to care what...
...most Rails application layouts insert randomly rotating CSRF tokens and CSP nonces into the HTML, two requests for the same data state will never produce the same response bytes: ... ... ...
...sync vs. async control flow Talking to synchronous (or "blocking") API print('script start') html = get('/foo') print(html) print('script end') Script outputs 'script start', (long delay), '...
...', 'script end...
...Talking to asynchronous (or "evented") API print('script start') get('foo', done: function(html) { print(html) }) print('script end') Script outputs 'script start', 'script end', (long delay), '...
Properties of sync...
...element. So don't do this: text The browser will think you wrote invalid HTML by accident, and will sometimes reorder elements silently. There is one notable exception: It's...
...OK to wrap block elements in a tag in HTML5 (not 4). The spec says: The a element may be wrapped around entire paragraphs, lists, tables, and so forth, even...
For outputting a given String in HTML, you mostly want to replace line breaks with or tags. You can use simple_format, but it has side effects like keeping some...
If you only care about line breaks, you might be better off using a small, specialized helper method: def format_linebreaks(text) safe_text = h(text) paragraphs = split_paragraphs...
Unpoly 3.11.0 is a big release, shipping many features and quality-of-life improvements requested by the community. Highlights include...
There are two distinct ways of commenting Haml markup: HTML and Ruby. HTML comments This will create an HTML comment that will be sent to the client (aka browser):
...to 'Example', 'www.example.com' This produces the following HTML: Only use this variant if you need the comment to appear in the HTML. Ruby comments This will comment code so it...
...we want to hide via CSS and fill using JS = form.file_field_tag(:invoice, html: { class: 'visually-hidden' }) # You may also use CSS classes, of course %span(file-input-name...
...between smooth and instant scrolling. Preferring instant scrolling CSS can prefer instant scrolling behavior: html { scroll-behavior: auto; /* the default */ } An auto behavior causes the browser to instantly jump to...
...smooth scrolling CSS can prefer a smooth scrolling animation: @media not (prefers-reduced-motion) { html { scroll-behavior: smooth; } } A smooth behavior causes the browser to animate scrolling in these situations...
...common task in web applications is to add client-side JavaScript behavior to existing HTML elements. For instance, in Working with the DOM you built a movie counter script that...
...script already a component? Let's go through a checklist: ✔️ Reliable invocation Using the HTML markup above should always result in the same behavior. Components are usually invoked when a...
...scrolling by default. You can address this by disabling smooth scrolling in tests: body, html { scroll-behavior: auto !important; } If you have other scrolling elements with overflow-y: scroll or...
...as it is given. Behavior of "boolean attributes" remains unchanged No Haml value => no HTML value Boolean Haml value => attribute is rendered depending on that value All other values => rendered...
Haml HTML generated by Haml 5 & 6 %button(disabled) %button(disabled=true) %button(disabled=false) %button(disabled=nil) %button(disabled='123') Other attributes will be handled differently by Haml...
...of which most modern web applications consist. You also know what each building block is for: HTML CSS JavaScript (browser, frontend) "Backend" application You understand why HTTP is a "stateless protocol".
4xx 5xx What is an HTTP body? How does it differ from an HTML body? Name the main differences between HTTP/1.1 and HTTP/2. In particular, address multiplexing...
Get an idea of the varying support for HTML/CSS/JavaScript features in different browsers like Chrome, Firefox, Internet Explorer, Edge, Safari. Look up a few modern features like "subgrid", ":has...
...it comes to feature support. "Transpilation" and "polyfills" are both techniques to use modern HTML and JavaScript features with old browsers. Understand the differences between transpilation and polyfilling
The DB schema is the most important source of truth for your application and should be very self-explanatory. If...
In this exercise we take a closer look at the HTML forms produced by Rails helpers, and at how user input in those forms is sent over...
...that view. Right-click into your form and select Inspect. You should see the HTML generated by your view. It will look something like this: Again your actual HTML will...
...nodes based on rendered text, even if it spans over multiple elements in the HTML. Imagine a page that includes this HTML: Hi! Try to match me. Even though the...
...text is separated by a tag in the HTML, it is matched until Capybara 2, which used to "squish" text prior to the comparison. # Capybara 1 or 2 page.find('.haystack...