etc,
current page and link: '/lessons/4' which is a normal page without emberjs
and I want to redirect to
'/#/sections/2'
next_page
Because the link is with hash, it will not reload in the next_page.
So how can I force it to reload?
My current solution is
Start
Do you have any better solutions?
A better way to do this is to set an event handler on hash change.
See also this question that might help you. I am not familiar with emberjs.
Also, rails support unobtrusive JavaScript, it is good practice to code following this principle.
Related
I managed to get rack-mini-profiler gem to run fine on the full pages we serve in our app. What I didn't manage is, how to directly get the data also for one of the calls we serve via ajax to another page. I found, that if I do the ajax call and then call one of our full page requests, I see also the ajax timing, but this is kind of cumbersome to do.
Do you have any tips on how to see the small menu also directly on the page where the ajax call is done? Our ajax call is returning html and there would be enough space to show the menu.
My apologies for responding with an indirect answer to your question. But, I highly recommend the Chrome Extension (and associated gems) Rails Panel, particularly for investigating Ajax/Async calls with Rails.
I use it daily at work and find it to be a great tool.
Once you've added rack-miniprofiler to your bundle, then you need to set disable_caching = true. You can do this in an initializer:
# config/initializers/rack_profiler.rb
if Rails.env.development?
Rack::MiniProfiler.config.disable_caching = true
end
Okey, so I have this problem... And I've had it for like weeks. I'm working on a school project and I'm supposed to make a live form validation using Ruby on rails and ajax (jQuery/Coffee). I've google my arse off and I've found loads and loads of plugins for it, but not one helpful tutorial. I've got some code together that seems legit, but I need help to make this code validate the form live, checking the database for email, username etc. It's for the sign up page so I think you get the idea.
$("#new_user").live "ajax:beforeSend", (event, xhr, status) ->
form = $(this)
form.validate {
# Validations goes here, but how do I write it?
}
false unless form.valid()
So I guess I'm suppose to write a controller to handle the validations through this jQuery. I'm really new to both Rails and Ajax, so please help me out here.
Your school project will probably be due by now, but here goes anyway.
Check out https://github.com/bcardarella/client_side_validations.
If you use this, you don't need to worry about writing javascript to validate your form. You just need to worry about writing the correct validations in your model.
This might help get you started http://railscasts.com/episodes/263-client-side-validations.
Also if you are new to rails you should know that for most common problems and for a lot of not so common problems there is a solution in the form of a gem.
So if you need to write sign-in/sign-up functionality you might want to check out https://github.com/plataformatec/devise. Which also has a railscast http://railscasts.com/episodes/209-introducing-devise.
Finally here is wiki page that explains how to make client_side_validationsand simple_form work together https://github.com/bcardarella/client_side_validations/wiki/Using-Devise.
Hope this helps.
what are the scenario's where Ajax could not be used in Rails Application.
Is there any disadvantages of AJAX (AJAX on RAILS) if yes please mention which are they?
The browser may not be able to interpret javascript, but rails can detect that and you can act accordingly
The user cannot back/forward or bookmark a particular state within the page, because it is dynamically generated
Search engines cannot index particular states within the page
There may be others that i can't think of right now.
I think the biggest disadvantage of AJAX in general is the desire to use is when it is not needed.
I'm looking at the liquid templating language for Rails apps:
http://wiki.github.com/tobi/liquid/
I'd like my users to also be able to make AJAX calls (just like the ones in rails for periodically_call_remote, observe_field, etc). Is this possible?
Assuming the rails helpers can be added as filters, how will the user be able to modify what gets returned by the AJAX call? They cannot modify an rjs file on the server or anything like that. I suppose the AJAX call could return JSON (instead of rendered html) and then the javascript could use that to render something. But I'm having a little trouble envisioning how it would work exactly.
If anyone can point me to an example of this or clarify it'd be much appreciated. Thanks!
Is allowing any user to make any ajax call really what you want ?
Don't forget you can't trust your users. Do you really want them to be able to request any page on your domain name ?
I guess you want to be able to allow them to request some pages only though. A defined list of urls.
Then you can just create one filter per url that'll return your content.
So if the user does in his template :
{{ get_users }}
Which will do, internaly, an ajax call retrieving the list of all your users.
You can think generic when you're working on things that only developers should be working on.
But when it's about allowing your users to change the code of your application, you should restrain them so they don't hack and break everything.
I'm currently in the process of writing my first Rails app. I'm writing a simple blog app that will allow users to comment on posts. I'm pretty new to Rails, so I'm looking for a bit of guidance on how to address security concerns with user input.
On the front end, I am using TinyMCE to accept user input. It is my understanding that TinyMCE will strip out any suspicious tags (e.g. <script>) from user input before posting to server. It seems that this could be bypassed by disabling javascript on the page, allowing a user to have free reign in the text area. TinyMCE recommends using javascript to create the TextArea. Therefore if the user disables javascript, there will be no text area. Is this the standard solution? It seems like a bit of a hack.
On the back end, what is the best way to strip out malicious code? Would I want to put some sort of validation in the create and update methods inside my comments controller? Is there some functionality built into Rails that can assist with this?
When displaying the information back out to the user, I'm assuming that I don't want to escape the HTML markup (with <%= h *text*%>), because that's how its stored in the back end. Is this bad practice?
I'm generally a big fan of cleaning out the data prior popping that stuff into the database. This is a debatable practice, but I usually lean toward this.
I use a modified version of the old white_list plugin to not strip out the html, but to convert anything I do want into a safer format.
<tag>
becomes
<tag>
This way I'm not really altering the content of the submission.
There are some plugins that specifically handle sanitization using a white/black list model.
http://github.com/rgrove/sanitize/ # Have not used, but looks very interesting
http://github.com/imanel/white_list_model # Used, not bad
There is also act_as_sanitized, but I have no real info on that.
And of course using the h().
Your suspicions are justified, but the creation of a text area in javascript won't make you any less vulnerable. A user could always use something like curl to force a form submission without ever visiting your site through a web browser.
You should assume that a user can post malicious scripts into the comments, and escape it on the frontend. Using <%= h(...) %> is one way to do it, or you can use the sanitize method in the same way. It will strip any scripts and escape all other html except for a few common tags that aren't harmful. Documentation for sanitize.
In addition to nowk's suggestions there is also the xss_terminate plugin. I have been using it in some of my applications. I found it to be easy to use, it needs almost no configuration, and has been working like a charm.