similar to: Testing for cross site scripting, etc.

Displaying 20 results from an estimated 1000 matches similar to: "Testing for cross site scripting, etc."

2007 Aug 10
3
Using rcov and output to screen
I'd like to output my rcov data to the screen in ascii instead of html...is that possible using the rake spec:rcov command? Also, is there somewhere that will allow me to search the mail archives...I'm pretty sure someone else has asked similar questions. Thanks for the help. Mike B. ---------------------------------------------------------------- This message was sent
2007 May 30
4
Using mocks
I've just started doing TDD/BDD and like the idea of mocks. So I set out to use them. The doc pages seem great, I setup the mock and then it just works. Here is what I am trying to do: Myuser is a non-rails model of user attributes. We are going to be mocking the connection to the ldap server. The user class has a login method that connects to the ldap server and if successful,
2007 Sep 17
4
Mongrel clusters are not being started on reboot
I've done a clean install of Ubuntu 7.04 server in 2 different machines and every time I reboot the machine or manually run /etc/ init.d/mongrel_cluster restart/start the mongrels won't start correctly. I have to manually start them by using mongrel_rails cluster::start from each app folder. I've been searching around and it looks like mongrel has some problems
2007 Nov 15
2
Digest Auth and Mongrel
If I have a low volume application and I want to use DigestAuth to limit access to the site, is it possible to do this with just mongrel/mongrel_cluster? I'm thinking I'm going to have to include Apache to make this work, and I heard that Rails 2 has methods to do this, but thought I'd ask. Mike B. ----------------------------------------------------------------
2007 Jun 20
2
Rspec for the svn-less
Here is a short bash script I wrote to install rspec if you're just using the tarballs like me. I probably should have written it in ruby, but there it is: #!/bin/bash RSPEC=rspec-1.0.4-pre-release.tgz RSPECRAILS=rspec_on_rails-1.0.4-pre-release.tgz [ -z "$1" ] && { echo echo "You must include a pathname" echo exit 1 } if [ -d $1/vendor/plugins ]; then cd
2007 Jul 05
10
Does Puppet ensure that a service is up and running?
Just curious as to the functionality of puppet. Does Puppet ensure that a service is up and running as long as puppet is running? Ie, I want to make sure ssh is always running, if for some reason ssh gets shut down, does puppet start it back up when it does its config sync run? Thanks! --------------------------------- Pinpoint customers who are looking for
2007 Jul 16
3
learning the cron module
OK. I thought I would start by looking at how cron.rb in the puppet lib/type works because what I'm trying to accomplish is similar. However, when looking through that, it wasn't immediately obvious to me how or when the resulting cron file was getting written out. Is this getting stored up in some instance var or something? Maybe getting sent to standard out and some
2007 Oct 01
3
Tarball anyone
Anyone willing to tar me up the 1.0.8 of rspec and rspec_on_rails? I'm interested in giving the story runner stuff a try. I really got to get svn going somehow. Mike B. ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.
2007 Aug 29
2
Ideas about learning
I'm looking for some ideas about how to learn how to use puppet. One of my main concerns is dorking up the machine I'm testing it on. For this I'm using a VM. So that concern is mainly taken care of. If some of you experienced puppet users were going to do it all over, what parts would you try to learn first? I have successfully been able to get a cronjob added
2007 Jul 20
1
hosting Perl CGI and rails together
I read this article (http://rubyforge.org/pipermail/mongrel-users/2006-April/000084.html) and it encouraged me to ask if it was possible to host a rails app that had parts of it that were perl cgi. Is there any possibility of getting something like this working using mongrel? The goal would be to have the rails app control the authentication and authorization, then execute some of the cgi
2007 Nov 15
2
MissingSourceFile spec/rails/story_adapter.rb
I can see that the file story_adapter.rb isn't where it is supposed to be, however, I don't know where it comes from in the first place. Can someone give me a hint here? I installed using: ruby script/plugin install svn://rubyforge.org/var/svn/rspec/tags/CURRENT/rspec ruby script/plugin install svn://rubyforge.org/var/svn/rspec/tags/CURRENT/rspec_on_rails The above is
2007 Aug 27
2
Puppet Documentation
I've been watching the thread where Luke is having to spend time defending his position about documentation. Can we get off that? From my perspective, Luke, I'm glad you have documented as much as you have. I'm one of the few who have been a little stymied by what documentation is available, but in no way do I believe berating you for your lack of documentation is a
2011 Aug 25
7
How to safely embed JSON object in HTML document
Hi all, I'm working on a Backbone.js single page app with Rails 3.1, and in an attempt to save on HTTP requests, I want to embed the initial data set in an HTML document that is sent back to the browser after successful login. I was thinking I can simply convert my ruby object to JSON, then HTML escape the resulting string of JSON, and then use that as a value for a JavaScript variable. Something
2007 Jul 01
1
rspec for the svn-less (ruby version)
A couple of things: - it is defaulted to 1.0.5, but if there was a "current" I could probably use that instead. - it seems like everyone might not use the rspec_on_rails piece...what do others think? - there are some other checks I could put in here, suggestions are welcome. - general code suggestions are welcome as well. Mike B. Here is my ruby version: #!/usr/bin/ruby -w
2010 Nov 05
9
[patch] Let's use <%== %> instead of <%= raw() %>
I've submitted a small patch to make Rails behave properly with the Erubis <%== %> construct. For some reason the current behaviour of that tag in Rails 3 is to escape the contents _twice_ which is probably a bug. I offer three suggestions why this is a good idea: - The syntax is cleaner. It can avoid a lot of .html_safe and raw in your views. I especially like the conciseness of
2007 Oct 11
2
Login testing ideas
I've been going through Pat's example story and noticed that there was no checking for a bad login. I assume this is because that would have made the article bigger and more complicated than it needed to be. So the question that comes out of this is: How do folks normally handle the negative case? My plan was to just use another scenario, but as a new person to BDD/TDD,
2006 Jan 31
19
Best Practices: Escaping text on input or output?
In web applications that have user generated content, it is clearly necessary to provide some ability to 'escape' user generated text to avoid SQL injection, XSS, and other nasty attacks. The existing dogma on this point seems to favor escaping text as it comes out of the database, rather than doing it on the way in. I'm not sure that I understand the logic behind
2007 Sep 17
2
mongrel_rails hang and does not respond
Hello, I've installed ror/mongrel etc, etc on a linux server (rhes). As I'm not root, all packages starting from ruby have been installed into ~/gconf/usr ruby-1.8.6 and all of these gem packages: -r-xr--r-- 1 dimnce dba 168448 Aug 9 14:53 rails-1.2.3.gem -r-xr--r-- 1 dimnce dba 84480 Aug 9 14:56 rake-0.7.3.gem -r-xr--r-- 1 dimnce dba 217088
2006 May 05
4
Is sanitize() strong enough to protect me from XSS?
Haven't been able to find a good enough answer on whether using sanitize() is enough to really protect me from XSS attacks I basically have a blog page that I want to allow people to display comments on but would like to allow html tags to be posted on the comments, these could html tags like the imageshack img tags, youtube player, photobucket img tags etc any other approaches or
2005 May 13
5
HTML sanitizer
Hello! Does anybody know of a Ruby implementation of an HTML sanitizer that prevents the attacks described on the xss cheatsheet? (http://ha.ckers.org/xss.html) I checked out the version Jamis wrote (http://dev.rubyonrails.com/ticket/1277), but that only covers the very basic attacks. Anybody? Just figured I would ask before I reinvent the wheel.. Ciao! Florian