sanitize and namespace - ruby-on-rails

I have some "namespaced" custom tags (developed with the radius gem) that I would like to use in my Rails application. I'd like to use the sanitize gem to prevent XSS attacks, but there are no descriptions of how to configure namespaces in sanitize. Is there any possible way?

The sanitize gem doesn't support namespaces. Briefly looking at the code for sanitize, neither the transform class that cleans elements nor the way it actually parses HTML gives Nokogiri (the XML parser underlying sanitize) the information it needs to be able to recognise and process namespaces, so without modifying sanitize to support this, it's not going to be possible.
You'll be able to see the tags without the namespace prefixes in sanitize, so if they all have custom names that don't collide with any other tags, you can specify those, but with sanitize as it is currently written, you can't filter namespace-specific tags.
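Since Sanitize's allowlist is keyed by bare tag name, the following added example (not code from the Sanitize gem or from the question) shows what the missing namespace-aware filtering looks like. It swaps in Ruby's bundled REXML parser, which does resolve prefixes to namespace URIs on a well-formed XML fragment; the `urn:example:radius` URI, the allowlist and the untrusted input are all constructed for the demonstration.

```ruby
require 'rexml/document'

# Constructed namespace URI standing in for whatever the custom tags declare.
RADIUS_NS = 'urn:example:radius'

# Allowlist keyed by [namespace URI, local name] => permitted attribute names.
# '' is REXML's "no namespace", so a plain <snippet> is NOT the same key as <r:snippet>.
ALLOWED = {
  ['', 'div']            => ['class'],
  ['', 'p']              => [],
  ['', 'b']              => [],
  [RADIUS_NS, 'snippet'] => ['name'],
}.freeze

# Elements whose text content goes too, not just the tags (matched in any namespace).
DROP_WITH_CONTENT = %w[script style].freeze

# Delete every attribute not on the element's allowlist, keeping xmlns declarations
# so the surviving prefixes still resolve after serialisation.
def strip_attributes!(el, allowed_attrs)
  names = []
  el.attributes.each_attribute { |a| names << a.expanded_name }
  names.each do |n|
    next if n == 'xmlns' || n.start_with?('xmlns:')
    el.attributes.delete(n) unless allowed_attrs.include?(n)
  end
end

# Post-order walk: a subtree is cleaned before its root is judged, so unwrapping a
# disallowed element only hoists already-cleaned children into its place.
def scrub!(node)
  node.elements.to_a.each do |child|
    scrub!(child)
    key = [child.namespace, child.name] # REXML resolves the prefix to its URI
    if ALLOWED.key?(key)
      strip_attributes!(child, ALLOWED[key])
    elsif DROP_WITH_CONTENT.include?(child.name)
      child.remove                      # tag and content both disappear
    else
      child.children.dup.each { |gc| node.insert_before(child, gc) }
      child.remove                      # keep the text, lose the unknown tag
    end
  end
  node
end

def sanitize_fragment(xml)
  scrub!(REXML::Document.new(xml)).to_s
end

# Constructed untrusted input: one real r:snippet, one impostor without the
# namespace, inline event handlers and a script element.
UNTRUSTED = '<div xmlns:r="urn:example:radius" class="page" onmouseover="x()">' \
            '<r:snippet name="greeting">Hello</r:snippet>' \
            '<snippet name="impostor">plain</snippet>' \
            '<p onclick="y()">Read <b>this</b> <i>now</i></p>' \
            '<script>alert(1)</script></div>'

puts sanitize_fragment(UNTRUSTED) if $PROGRAM_NAME == __FILE__
```

The impostor `<snippet>` is unwrapped to its text because its key is `['', 'snippet']`, not `[RADIUS_NS, 'snippet']`; that distinction is exactly what a name-only allowlist cannot express.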

As far as I know the sanitize gem just filters JavaScript and HTML from params in the controller. Perhaps it's been extended since I last looked.
No, you can't namespace most gems. There are a few hacks to put wrappers around them with monkey patching. If needed I would Google "ruby namespace collision" and you get something like this: How to resolve Rails model namespace collision

Related

Kristin PDF to HTML result into a variable

Using the Kristin gem, is there any possible way to store the result of the conversion in a variable instead of outputting it as a file?
Assuming that the link below goes to the gem you are talking about, no. The gem is a very thin layer on top of pdf2htmlEX and simply spawns the process with the arguments passed. Further, pdf2htmlEX doesn't seem to support redirecting its output and adding this feature doesn't seem to be on their todo list, so adding this functionality would require wrapping a different converter.
I think your best bet would be to load the HTML into a variable after creation.
Kristin: https://github.com/ricn/kristin
Thread about adding output redirection to pdf2htmlEX: https://github.com/coolwanglu/pdf2htmlEX/issues/638

30Bees/Presta 1.6 shop translation in frontController

I am trying to add a few translations to the frontend of our module. When the translations are in the .tpl files they do get rendered. However, no translation fields get shown in the back end. My code for the .tpl files is:
{l s="Text" mod="myModule"}
I also need to do some translating in the FrontControllers (mainly error handling and feedback for server-side validation).
In the AdminController I simply use $this->l('Text'); which works. However, in the FrontController this is not available. I've checked ControllerCore and FrontControllerCore; l() is not defined in those and is only available in AdminController.
Can anyone give me a detailed explanation of what I need doing? All my research on the web always points to $this->l() being the thing to use...
When using translations in tpl files you need to use single quotes, not double quotes.
{l s='Text' mod='myModule'}
As for front controllers... well, if you're using custom module controllers, as in controllers that extend ModuleFrontController, you can use
$this->module->l('Text');
And if you're not using those controllers then... start using them.
Some things might be different since thirtybees is a fork of PrestaShop, but I guess the translation mechanism is the same.

Using slim with rails

Rails 3.2
I am new to slim, and I have to work with an application that's using it. Reading through some documentation, I see that using something like:
.class
which translates to:
<div class="class"></div>
In the code I inherited, in the .html.slim file, I have:
.form-section.customer_info
When I look through the stylesheets folder, I cannot find customer_info, but I can find form-section.
Shouldn't I be able to find customer_info in one of the stylesheets?
The answer is: maybe you can find it in a stylesheet. But there are other cases where you may not:
Sometimes a class is used as a target for a JavaScript snippet; if you find it mentioned in the JavaScript for the app, then you likely want to keep it because an interaction may depend on it (read the JS code to determine this).
Sometimes, the class has been removed from the stylesheet and not removed from the code; in this case you may remove it.
However, sometimes a class is added to mark the section of HTML as semantically significant so that styling can be applied to it at a future time; in that case, you may choose to keep it.
For instance, for better or ill, when I am writing code, I will name sections using classes, as .user-list or .part-table to indicate that, as the coder, I know the HTML code is going to contain users or parts. By doing this consistently I can mark out portions of the front end for later consistent styling by usage; that is, all the part tables can be styled the same way, all the user lists can be styled the same way, etc. Again, this is a convention I have seen used and that I practice. Nonetheless, these represent a few reasons why a class may be present in the HTML, but not referenced elsewhere.

Using a database value in a LESS file in Rails

I have installed the less-rails gem as I am keen to use the colour manipulation LESS offers. I need to extract a colour from my database as my theme's base colour, and build up from there.
I have the static CSS, and have renamed it styles.css.less to ensure that rails understands the less extension, which it appears to.
The next thing I tried was to also wrap the file as an erb, to hopefully allow Ruby string literals to be processed before being sent to LESS, eventually outputting valid CSS (still with me?).
The file is now called style.css.less.erb. While the file simply contains valid CSS, the processing of the document works. As soon as I add a Ruby string literal, it fails.
color: #{"#112233"};
In the chrome debugger, nothing after this line is getting processed.
What am I doing wrong, and how should I do what I am trying to do?
As Chowlett says in the comments, you should use ERB syntax: <%= "#112233" %>
The next step is to get that value from the DB. If this colour value is application-wide, you are probably looking for a settings-in-DB solution. I use the rails-settings-cached gem for that. Your resulting code will look like
color: <%= Setting.foo_color %>
If you are using assets in production, don't forget to recompile them after each setting change.
And if it's not a setting but something specific to each user, then you can't use application-wide CSS files for that, but you can write inline CSS in views.
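The ERB pass above turns a database value into stylesheet text, so the value deserves a check before it is interpolated. The following added example (not code from the question or the answers, and not the less-rails or rails-settings-cached gems) runs the same `<%= %>` step with Ruby's stdlib ERB and accepts only hex colours; `DEFAULT_COLOR`, the LESS body and the sample values are constructed, and `Setting.foo_color` is assumed to return a String that you would pass in as `base_color`.

```ruby
require 'erb'

# Constructed fallback used whenever the stored value is not a colour.
DEFAULT_COLOR = '#336699'

# A theme colour out of the database is data, not CSS. Only the #rgb and #rrggbb
# hex forms pass; anything else (a name, a url(...) fragment, a stray "; }" that
# would end the declaration early) gets the fallback instead of reaching the stylesheet.
def safe_css_color(value, fallback: DEFAULT_COLOR)
  str = value.to_s.strip
  str.match?(/\A#(\h{3}|\h{6})\z/) ? str.downcase : fallback
end

# Same shape as style.css.less.erb: ERB runs first, LESS only ever sees plain text.
THEME_LESS_ERB = <<~LESS
  @base: <%= safe_css_color(base_color) %>;
  .brand       { color: @base; }
  .brand:hover { color: darken(@base, 10%); }
LESS

# base_color is whatever the settings layer returned (e.g. Setting.foo_color).
def render_theme_less(base_color)
  ERB.new(THEME_LESS_ERB).result(binding)
end

if $PROGRAM_NAME == __FILE__
  puts render_theme_less('#A1B2C3')   # constructed stored value
  puts render_theme_less('#fff; }')   # constructed malformed value, falls back
end
```

Normalising to lower case also keeps the compiled asset stable, so two users storing `#ABC` and `#abc` produce identical CSS.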

In Ruby, how can I inspect the class generated by a .html.erb template?

When doing J2EE development, I find it handy for debugging to view the Java classes that are generated by the JSP compiler.
How can I do the equivalent in Ruby? Since it is all in memory, it won't generate a file that I can view. I believe it's the ERB module that generates the corresponding object for a template, so how can I actually view the object? Can I drop a debugger statement somewhere and use rdb? Is there some configuration value I can set to tell it to dump the object definition? I'm using Rails, in case that makes a difference.
I don't think Rails generates a class for your view. It basically calls eval after processing the file. Or do you mean inspecting the ERB object while it's parsing your template?
If it's the latter, you can find erb.rb in lib\ruby\1.9.1; I'd imagine you could just drop a debugger statement throughout that file.
I always make a habit of adding the following to my views (layout) which allows me to inspect or debug the parameters being used by the view in question.
<%= debug(params) %>
This will format all the parameters in YAML and display them in Hash format.
Have a look at the method in the source code to get a better understanding.
There are some differences compared with the Java way due to language differences.
Most template libraries for Ruby follow these steps when compiling/optimizing:
The template is compiled into Ruby source code -- not a class but a long procedure that appends to a string buffer while traversing the logic of the original template.
This Ruby code is evaluated in order to be bound for later reference, preferably within a method body. This way, it is only parsed once by the interpreter.
The method (or other context) containing the logic of the parsed template is invoked to render it.
Anyway, the compiled template code therefore looks a lot like a much noisier version of your original template, and will generally not help you debug, unless you're debugging the template language itself.
Anyone interested in template language implementation might enjoy a look around the Tilt code (use different template languages with the same rendering interface and optimization), and Temple (a great template language meta-implementation).
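The three steps in the last answer can be watched directly with Ruby's stdlib ERB, which exposes the generated source and can bind it as a method body. This is an added example, not code from the answers or from Rails (ActionView's compiler differs in detail but follows the same shape); `TEMPLATE`, the `CompiledView` class and the sample values are constructed.

```ruby
require 'erb'

# Constructed template. ERB::Util.h is stdlib ERB's HTML escaper; plain ERB does
# not escape <%= %> on its own the way Rails' ActionView does.
TEMPLATE = "<h1><%= ERB::Util.h(title) %></h1>\n" \
           "<% items.each do |i| %><li><%= ERB::Util.h(i) %></li><% end %>\n"

# Step 1: the template becomes one long Ruby procedure that appends to a buffer
# (the default buffer variable is _erbout). This is the "noisier version" of the
# template the answer describes.
def compiled_source(template)
  ERB.new(template).src
end

# Step 2: bind that source once as a method body, so the interpreter parses it a
# single time. def_method wraps the source in `def render(title, items) ... end`.
class CompiledView; end

def compile_view!(template)
  ERB.new(template).def_method(CompiledView, 'render(title, items)')
  CompiledView
end

# Step 3: rendering is just invoking the bound method with the view's locals.
def render_view(title, items)
  compile_view!(TEMPLATE) unless CompiledView.method_defined?(:render)
  CompiledView.new.render(title, items)
end

if $PROGRAM_NAME == __FILE__
  puts compiled_source(TEMPLATE)
  puts render_view('Tom & Jerry', %w[a b])
end
```

Reading the output of `compiled_source` shows why the answer says this rarely helps with debugging a view: the Ruby inside `<% %>` appears verbatim, and everything else is buffer appends.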
