similar to: SQLite - show html from entry

Currently I want to implement in-place editing directly on the index-page (for the sake of learning just xx products with a name to be edited). These are my favorite links from yesterday''s research (for the archives): *On the spot is a Rails3 compliant unobtrusive javascript in-place-editing plugin: http://rubygems.org/gems/on_the_spot

Hello! Does anybody know of a Ruby implementation of a HTML sanitizer that prevents the attacks described on the xss cheatsheet? (http://ha.ckers.org/xss.html) I checked out the version Jamis wrote (http://dev.rubyonrails.com/ticket/1277), but that only covers the very basic attacks. Anybody? Just figured I would ask before, before I reinvent the wheel.. Ciao! Florian

Context: I have a GoodsReturn model with many ReturnedItem. For the new view, I create a new GoodsReturn with many new ReturnedItems from a sale (and its SoldItems). Problem: I want to have a Add/Selected checkbox with which the user can pick the items he wants to return. I know I could use a ''selected'' virtual attribute but I don''t want to pollute my model just for

I''m looking at Dragonfly, which seems to offer what I''m looking for in this area: the ability to upload an image, then later request that image at a different geometry, and either get a cached copy of that resized image, or create and cache that image. Can anyone point me to alternatives? Is this something that can be added to Paperclip? I''ve only ever used

Hello List, Label me a newb, but how do you install Rails 3 on your Mac? Google sent me to these URLs: http://weblog.rubyonrails.org/2010/2/5/rails-3-0-beta-release/ http://guides.rails.info/3_0_release_notes.html http://asciicasts.com/episodes/200-rails-3-beta-and-rvm From early Feb 2010 I see this short recipe: gem install tzinfo builder memcache-client rack rack-test rack-mount erubis mail

This seems very simple, but I can''t quite get it. Probably because I''m just starting out with RoR. My view has a slew of labels and text fields; many are "required": <%= f.text_field :screen_name %> <span class="required_field">Required field</span> (The "required_field" class turns the text red and smaller.) I''d like to

I have an application where I am allowing users to upload (or refer the app. to) arbritrary HTML that I am (currently) displaying in an IFRAME on a page. The users will be authenticated so it''s not open to the entire universe. I was always uneasy with this, but after reading the security chapter of AWDWR, I am even more concerned. What kinds of applications do people have out there

Hello All i am calling users/list.html.erb using <%= link_to_remote("MEMBER LIST",:update => "mcont", :url => {:controller => :users, :action => :list }) %> after that i want to do paging in list file but i doesn''t want to refresh page so that i want to do ajax + will_paginate. if any idea about it....... -- Posted via

Hi, I want to write a functional test using the default test unit that is included with rails 3. Is there a way to skip a setup call? So I''m trying to test the users controller. But to access those actions, I need to be logged in. So I put a login algorithm in my setup. But I do not need to be logged in to create a new user. This is why I want to skip the setup call. Eric -- You

This is more an architectural question.... I am looking to create a domain that sells widgets (as an example) widgets.com Now I have three sales reps, that each sell different kinds of widgets, and do not need to know about each other. larry.widget.com moe.widget.com curley.widget.com I don''t want to repeat myself (of course!) with the shopping cart logic or the transactional

Im using a customs processor to run ffmpeg on a video to create a thumbnail. So far so good. Except when I do: cmd = "-i #{@file.path} -f flv -s 320x240 ~/Downloads/foobar/q.flv" success = Paperclip.run(''ffmpeg'', cmd) Console is reporting: ffmpeg ''-i /var/folders/uL/uL0bYOOZEZaJH5E+BmDJVE+++TI/-Tmp-/stream, 16824,1.mpeg -f flv -s 320x240

Hi, I have the following code working in a rails 3 view, but it is unfortunately not pure rails code! <% @filter1 = "tr.show1,tr.show2" %> <% @filter2 = "tr.show1" %> <% @filter3 = "tr.show2" %> <form> <p> <input type="checkbox" value=<%=@filter1%> onclick="$ (this).is('':checked'')

Hi guys, I''m new to ruby and rails and I''m working on multi model forms, specifically 3. I''m using this http://guides.rubyonrails.org/getting_started.html as a start, and its got a 2 Model example but I cant seem to get the last one working. These are my models: Country name:string code:string (has_one :address) Address address_line1:string

Hi, I know I am missing something very big regarding the changes with respect to activerecord in Rails 3. I can''t find the explanation. And I''m sure someone will kick my ass for not finding the right piece of info in the docs and guides. Please do. I have a working piece of code but I don''t like it. So. Very basic association: class Project < ActiveRecord::Base

I have the following "show.html.erb" script, and I get as an output TWO images since I use a method to draw an image. How can I HIDE the RESOURCE image? Thanks. Here is the script: <canvas id="line" height="512" width="512"> </canvas> <p id="notice"><%= notice %></p> <p> <b> Name </b> <%=

Haven''t been able to find a good enough answer on whether using sanitize() is enough to really protect me from XSS attacks I basically have a blog page that I want to allow people to display comments on but would like to allow html tags to be posted on the comments, these could html tags like the imageshack img tags, youtube player, photobucket img tags etc any other approaches or

Hi, I'm using perl's HTML::StripScripts to clean out unwanted/broken html from forum post on my web site but it also removes <http://example.com> or <user at example.com> markdown constructs. Any idea how to make these two live together in harmony? Thanks, -- http://www.cruisefish.net

On 06/12/2015 01:01 PM, Gordon Messmer wrote: > On 06/13/2015 11:11 AM, jd1008 wrote: >> All your browsing history, all cookies ...etc are open books >> as far as many javascripts are concerned. > > Javascript can use CSS attributes to see if you've visited a specific > URL, which is unfortunate, but that's a long way from saying that your > history is an open

Being new to testing and ruby, are there "standard" tests that can be done that test for things like cross site scripting and friends? If not, anyone have ideas on what I might do about testing those sorts of things? I''ll be using rails, also. Mike B. ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging

Hi! I wanna take a stab at implementing better XSS prevention for Rails. This time for real =) I''m wondering what would be the better way, clean everything up with tidy first and then do the rest with regexp or regexp all the way? Anybody done this before? Thanks! Ciao! Florian