docs: lint Markdown for four rules
- extra whitespace - markup - missing "alt" attribute - trailing whitespace
This commit is contained in:
parent
58ce690711
commit
dcd0544aed
|
@ -312,7 +312,7 @@ Action Pack
|
|||
|
||||
#### Deprecations
|
||||
|
||||
* Passing formats or handlers to render :template and friends like `render :template => "foo.html.erb"` is deprecated. Instead, you can provide :handlers and :formats directly as options: ` render :template => "foo", :formats => [:html, :js], :handlers => :erb`.
|
||||
* Passing formats or handlers to render :template and friends like `render :template => "foo.html.erb"` is deprecated. Instead, you can provide :handlers and :formats directly as options: `render :template => "foo", :formats => [:html, :js], :handlers => :erb`.
|
||||
|
||||
### Sprockets
|
||||
|
||||
|
|
|
@ -284,7 +284,7 @@ message, to allow future contributors to easily verify your findings and
|
|||
determine if they are still relevant. (For example, future optimizations in the
|
||||
Ruby VM might render certain optimizations unnecessary.)
|
||||
|
||||
When optimizing for a specific scenario that you care about, it is easy to
|
||||
When optimizing for a specific scenario that you care about, it is easy to
|
||||
regress performance for other common cases.
|
||||
Therefore, you should test your change against a list of representative
|
||||
scenarios, ideally extracted from real-world production applications.
|
||||
|
|
|
@ -236,7 +236,7 @@ Cross-Site Request Forgery (CSRF)
|
|||
|
||||
This attack method works by including malicious code or a link in a page that accesses a web application that the user is believed to have authenticated. If the session for that web application has not timed out, an attacker may execute unauthorized commands.
|
||||
|
||||
![](images/security/csrf.png)
|
||||
![Cross-Site Request Forgery](images/security/csrf.png)
|
||||
|
||||
In the [session chapter](#sessions) you have learned that most Rails applications use cookie-based sessions. Either they store the session ID in the cookie and have a server-side session hash, or the entire session hash is on the client-side. In either case the browser will automatically send along the cookie on every request to a domain, if it can find a cookie for that domain. The controversial point is that if the request comes from a site of a different domain, it will also send the cookie. Let's start with an example:
|
||||
|
||||
|
@ -373,7 +373,7 @@ def sanitize_filename(filename)
|
|||
end
|
||||
```
|
||||
|
||||
A significant disadvantage of synchronous processing of file uploads (as the attachment_fu plugin may do with images), is its _vulnerability to denial-of-service attacks_. An attacker can synchronously start image file uploads from many computers which increases the server load and may eventually crash or stall the server.
|
||||
A significant disadvantage of synchronous processing of file uploads (as the `attachment_fu` plugin may do with images), is its _vulnerability to denial-of-service attacks_. An attacker can synchronously start image file uploads from many computers which increases the server load and may eventually crash or stall the server.
|
||||
|
||||
The solution to this is best to _process media files asynchronously_: Save the media file and schedule a processing request in the database. A second process will handle the processing of the file in the background.
|
||||
|
||||
|
@ -405,7 +405,7 @@ raise if basename !=
|
|||
send_file filename, disposition: 'inline'
|
||||
```
|
||||
|
||||
Another (additional) approach is to store the file names in the database and name the files on the disk after the ids in the database. This is also a good approach to avoid possible code in an uploaded file to be executed. The attachment_fu plugin does this in a similar way.
|
||||
Another (additional) approach is to store the file names in the database and name the files on the disk after the ids in the database. This is also a good approach to avoid possible code in an uploaded file to be executed. The `attachment_fu` plugin does this in a similar way.
|
||||
|
||||
Intranet and Admin Security
|
||||
---------------------------
|
||||
|
|
Loading…
Reference in New Issue