Formats code blocks for better syntax highlighting
parent
65c6f70300
commit
84d6a0e568
|
@ -65,7 +65,7 @@ After the installation is complete, a Rails app using Webpacker should have the
|
|||
|
||||
Additionally, this `actiontext.scss` file should be imported into your stylesheet pack.
|
||||
|
||||
```
|
||||
```scss
|
||||
// application.scss
|
||||
@import "./actiontext.scss";
|
||||
```
|
||||
|
|
|
@ -898,7 +898,7 @@ You can also set this value through an [environment
|
|||
variable](https://en.wikipedia.org/wiki/Environment_variable) to make running a
|
||||
staging copy of your site easier:
|
||||
|
||||
```
|
||||
```ruby
|
||||
config.action_controller.asset_host = ENV['CDN_HOST']
|
||||
```
|
||||
|
||||
|
@ -1013,7 +1013,7 @@ the cache will store the object before invalidating the cache. The `max-age`
|
|||
value is set to seconds with a maximum possible value of `31536000` which is one
|
||||
year. You can do this in your Rails application by setting
|
||||
|
||||
```
|
||||
```ruby
|
||||
config.public_file_server.headers = {
|
||||
'Cache-Control' => 'public, max-age=31536000'
|
||||
}
|
||||
|
|
|
@ -172,7 +172,7 @@ Let's see other situations that involve stale class or module objects.
|
|||
|
||||
Check this Rails console session:
|
||||
|
||||
```
|
||||
```ruby
|
||||
> joe = User.new
|
||||
> reload!
|
||||
> alice = User.new
|
||||
|
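Review bot: The `ruby` tag does not fit the console transcript in this hunk, because `> joe = User.new`, `> reload!` and `> alice = User.new` each start with a prompt character that a Ruby lexer will treat as part of the expression. Consider a session-aware tag such as `irb` if the guides' highlighter supports it, or drop the prompts and keep `ruby`.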
@ -198,7 +198,7 @@ Bottom line: **do not cache reloadable classes or modules**.
|
|||
|
||||
Applications can safely autoload constants during boot using a reloader callback:
|
||||
|
||||
```
|
||||
```ruby
|
||||
Rails.application.reloader.to_prepare do
|
||||
$PAYMENT_GATEWAY = Rails.env.production? ? RealGateway : MockedGateway
|
||||
end
|
||||
|
|
|
@ -1381,7 +1381,7 @@ You can find more information in the [Unicorn readme](https://bogomips.org/unico
|
|||
|
||||
Once you've configured the application server, you must proxy requests to it by configuring your web server appropriately. For example your NGINX config may include:
|
||||
|
||||
```
|
||||
```nginx
|
||||
upstream application_server {
|
||||
server 0.0.0.0:8080;
|
||||
}
|
||||
|
|
|
@ -331,7 +331,7 @@ application server, and you will be placed at the debugger's prompt `(byebug)`.
|
|||
Before the prompt, the code around the line that is about to be run will be
|
||||
displayed and the current line will be marked by '=>', like this:
|
||||
|
||||
```
|
||||
```ruby
|
||||
[1, 10] in /PathTo/project/app/controllers/articles_controller.rb
|
||||
3:
|
||||
4: # GET /articles
|
||||
|
|
|
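Review bot: The `ruby` tag on the byebug listing is a poor fit, since the block is debugger output rather than source: the header `[1, 10] in /PathTo/project/app/controllers/articles_controller.rb` and the `3:` / `4: # GET /articles` line-number gutter are not valid Ruby. Leaving this fence untagged or using a plain-text tag would keep the `=>` current-line marker that the preceding sentence describes from being coloured as an operator.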
@ -1338,7 +1338,7 @@ were inside the engine:
|
|||
You can also specify these assets as dependencies of other assets using Asset
|
||||
Pipeline require statements in processed files:
|
||||
|
||||
```
|
||||
```css
|
||||
/*
|
||||
*= require blorgh/style
|
||||
*/
|
||||
|
|
|
@ -468,7 +468,7 @@ Adding Command Line Arguments
|
|||
-----------------------------
|
||||
Rails generators can be easily modified to accept custom command line arguments. This functionality comes from [Thor](https://www.rubydoc.info/github/erikhuda/thor/master/Thor/Base/ClassMethods#class_option-instance_method):
|
||||
|
||||
```
|
||||
```ruby
|
||||
class_option :scope, type: :string, default: 'read_products'
|
||||
```
|
||||
|
||||
|
|
|
@ -754,7 +754,7 @@ head :bad_request
|
|||
|
||||
This would produce the following header:
|
||||
|
||||
```
|
||||
```http
|
||||
HTTP/1.1 400 Bad Request
|
||||
Connection: close
|
||||
Date: Sun, 24 Jan 2010 12:15:53 GMT
|
||||
|
@ -773,7 +773,7 @@ head :created, location: photo_path(@photo)
|
|||
|
||||
Which would produce:
|
||||
|
||||
```
|
||||
```http
|
||||
HTTP/1.1 201 Created
|
||||
Connection: close
|
||||
Date: Sun, 24 Jan 2010 12:16:44 GMT
|
||||
|
|
|
@ -734,7 +734,7 @@ This JavaScript code will simply display an alert box. The next examples do exac
|
|||
|
||||
These examples don't do any harm so far, so let's see how an attacker can steal the user's cookie (and thus hijack the user's session). In JavaScript you can use the `document.cookie` property to read and write the document's cookie. JavaScript enforces the same origin policy, that means a script from one domain cannot access cookies of another domain. The `document.cookie` property holds the cookie of the originating web server. However, you can read and write this property, if you embed the code directly in the HTML document (as it happens with XSS). Inject this anywhere in your web application to see your own cookie on the result page:
|
||||
|
||||
```
|
||||
```html
|
||||
<script>document.write(document.cookie);</script>
|
||||
```
|
||||
|
||||
|
@ -798,7 +798,7 @@ As a second step, _it is good practice to escape all output of the application_,
|
|||
|
||||
Network traffic is mostly based on the limited Western alphabet, so new character encodings, such as Unicode, emerged, to transmit characters in other languages. But, this is also a threat to web applications, as malicious code can be hidden in different encodings that the web browser might be able to process, but the web application might not. Here is an attack vector in UTF-8 encoding:
|
||||
|
||||
```
|
||||
```html
|
||||
<IMG SRC=javascript:a
|
||||
lert('XSS')>
|
||||
```
|
||||
|
@ -811,7 +811,7 @@ _In order to understand today's attacks on web applications, it's best to take a
|
|||
|
||||
The following is an excerpt from the [Js.Yamanner@m](http://www.symantec.com/security_response/writeup.jsp?docid=2006-061211-4111-99&tabid=1) Yahoo! Mail [worm](http://groovin.net/stuff/yammer.txt). It appeared on June 11, 2006 and was the first webmail interface worm:
|
||||
|
||||
```
|
||||
```html
|
||||
<img src='http://us.i1.yimg.com/us.yimg.com/i/us/nt/ma/ma_mail_1.gif'
|
||||
target=""onload="var http_request = false; var Email = '';
|
||||
var IDList = ''; var CRumb = ''; function makeRequest(url, Func, Method,Param) { ...
|
||||
|
@ -843,7 +843,7 @@ So the payload is in the style attribute. But there are no quotes allowed in the
|
|||
|
||||
The `eval()` function is a nightmare for restricted list input filters, as it allows the style attribute to hide the word "innerHTML":
|
||||
|
||||
```
|
||||
```js
|
||||
alert(eval('document.body.inne' + 'rHTML'));
|
||||
```
|
||||
|
||||
|
@ -939,7 +939,7 @@ http://www.yourapplication.com/controller/action?referer=path/at/your/app%0d%0aL
|
|||
|
||||
Note that `%0d%0a` is URL-encoded for `\r\n` which is a carriage-return and line-feed (CRLF) in Ruby. So the resulting HTTP header for the second example will be the following because the second Location header field overwrites the first.
|
||||
|
||||
```
|
||||
```http
|
||||
HTTP/1.1 302 Moved Temporarily
|
||||
(...)
|
||||
Location: http://www.malicious.tld
|
||||
|
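Review bot: The `http` tag on the header-injection response is applied to a block whose second line is the elision `(...)`, which is not a header field, so check how the highlighter renders it. The point of this example is the injected `Location: http://www.malicious.tld` line, and an error-styled placeholder directly above it would draw the reader's eye to the wrong place.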
@ -951,7 +951,7 @@ So _attack vectors for Header Injection are based on the injection of CRLF chara
|
|||
|
||||
If Header Injection was possible, Response Splitting might be, too. In HTTP, the header block is followed by two CRLFs and the actual data (usually HTML). The idea of Response Splitting is to inject two CRLFs into a header field, followed by another response with malicious HTML. The response will be:
|
||||
|
||||
```
|
||||
```http
|
||||
HTTP/1.1 302 Found [First standard 302 response]
|
||||
Date: Tue, 12 Apr 2005 22:09:07 GMT
|
||||
Location:Content-Type: text/html
|
||||
|
|
|
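Review bot: The status line `HTTP/1.1 302 Found [First standard 302 response]` carries an editorial annotation in brackets, and with the `http` tag it will be highlighted as if it were part of the reason phrase. In a response-splitting example the reader needs to tell literal response bytes from commentary, so either move the annotation out of the fence into the surrounding prose or leave this block untagged.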
@ -668,7 +668,7 @@ model behavior.
|
|||
When upgrading from Rails 4.2 to Rails 5.0, you need to create an
|
||||
`application_record.rb` file in `app/models/` and add the following content:
|
||||
|
||||
```
|
||||
```ruby
|
||||
class ApplicationRecord < ActiveRecord::Base
|
||||
self.abstract_class = true
|
||||
end
|
||||
|
@ -709,7 +709,7 @@ behavior has changed to now inherit from `ApplicationJob`.
|
|||
When upgrading from Rails 4.2 to Rails 5.0, you need to create an
|
||||
`application_job.rb` file in `app/jobs/` and add the following content:
|
||||
|
||||
```
|
||||
```ruby
|
||||
class ApplicationJob < ActiveJob::Base
|
||||
end
|
||||
```
|
||||
|
@ -1383,7 +1383,7 @@ gem to your `Gemfile`.
|
|||
now returns millisecond precision by default. If you need to keep old behavior with no millisecond
|
||||
precision, set the following in an initializer:
|
||||
|
||||
```
|
||||
```ruby
|
||||
ActiveSupport::JSON::Encoding.time_precision = 0
|
||||
```
|
||||
|
||||
|
@ -1674,7 +1674,7 @@ used with `PATCH`](http://www.rfc-editor.org/errata_search.php?rfc=5789). One
|
|||
such format is [JSON Patch](https://tools.ietf.org/html/rfc6902). While Rails
|
||||
does not support JSON Patch natively, it's easy enough to add support:
|
||||
|
||||
```
|
||||
```ruby
|
||||
# in your controller
|
||||
def update
|
||||
respond_to do |format|
|
||||
|
|
|
@ -4,8 +4,8 @@
|
|||
|
||||
Usage:
|
||||
|
||||
```
|
||||
rails generate scaffold Pet name:string --database=animals
|
||||
```bash
|
||||
$ bin/rails generate scaffold Pet name:string --database=animals
|
||||
```
|
||||
|
||||
Will create an abstract class for the animals connection.
|
||||
|
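Review bot: The commit message does not cover the content change in the Usage block of this hunk, where the command goes from `rails generate scaffold Pet name:string --database=animals` to `$ bin/rails generate scaffold Pet name:string --database=animals` in addition to gaining the `bash` tag. Either mention the `bin/rails` and `$ ` prompt normalisation in the message (it applies to the `--parent=SecondaryBase` example in the next hunk as well) or split it into its own commit, so the formatting-only claim stays accurate.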
@ -27,8 +27,8 @@
|
|||
|
||||
If you already have an abstract class and it follows a different pattern than Rails defaults, you can pass a parent class with the database argument.
|
||||
|
||||
```
|
||||
rails generate scaffold Pet name:string --database=animals --parent=SecondaryBase
|
||||
```bash
|
||||
$ bin/rails generate scaffold Pet name:string --database=animals --parent=SecondaryBase
|
||||
```
|
||||
|
||||
This will ensure the model inherits from the `SecondaryBase` parent instead of `AnimalsRecord`
|
||||
|
@ -205,7 +205,7 @@
|
|||
|
||||
Previously:
|
||||
|
||||
```
|
||||
```bash
|
||||
$ bin/rails g migration add_location_to_users location:references
|
||||
```
|
||||
|
||||
|
|