From dcd0544aed21ffdf8fc2f30fb32633001a86415c Mon Sep 17 00:00:00 2001 From: John Bampton Date: Tue, 13 Apr 2021 14:41:00 +1000 Subject: [PATCH] docs: lint Markdown for four rules - extra whitespace - markup - missing "alt" attribute - trailing whitespace --- guides/source/3_2_release_notes.md | 2 +- guides/source/contributing_to_ruby_on_rails.md | 2 +- guides/source/security.md | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/guides/source/3_2_release_notes.md b/guides/source/3_2_release_notes.md index dd5adf9c30..edd40ce943 100644 --- a/guides/source/3_2_release_notes.md +++ b/guides/source/3_2_release_notes.md @@ -312,7 +312,7 @@ Action Pack #### Deprecations -* Passing formats or handlers to render :template and friends like `render :template => "foo.html.erb"` is deprecated. Instead, you can provide :handlers and :formats directly as options: ` render :template => "foo", :formats => [:html, :js], :handlers => :erb`. +* Passing formats or handlers to render :template and friends like `render :template => "foo.html.erb"` is deprecated. Instead, you can provide :handlers and :formats directly as options: `render :template => "foo", :formats => [:html, :js], :handlers => :erb`. ### Sprockets diff --git a/guides/source/contributing_to_ruby_on_rails.md b/guides/source/contributing_to_ruby_on_rails.md index be73089603..468e6f849b 100644 --- a/guides/source/contributing_to_ruby_on_rails.md +++ b/guides/source/contributing_to_ruby_on_rails.md 
@@ -284,7 +284,7 @@ message, to allow future contributors to easily verify your findings and determine if they are still relevant. (For example, future optimizations in the Ruby VM might render certain optimizations unnecessary.) -When optimizing for a specific scenario that you care about, it is easy to +When optimizing for a specific scenario that you care about, it is easy to regress performance for other common cases. Therefore, you should test your change against a list of representative scenarios, ideally extracted from real-world production applications. diff --git a/guides/source/security.md b/guides/source/security.md index 18f6da1e65..3d7cebe6cf 100644 --- a/guides/source/security.md +++ b/guides/source/security.md @@ -236,7 +236,7 @@ Cross-Site Request Forgery (CSRF) This attack method works by including malicious code or a link in a page that accesses a web application that the user is believed to have authenticated. If the session for that web application has not timed out, an attacker may execute unauthorized commands. -![](images/security/csrf.png) +![Cross-Site Request Forgery](images/security/csrf.png) In the [session chapter](#sessions) you have learned that most Rails applications use cookie-based sessions. Either they store the session ID in the cookie and have a server-side session hash, or the entire session hash is on the client-side. In either case the browser will automatically send along the cookie on every request to a domain, if it can find a cookie for that domain. The controversial point is that if the request comes from a site of a different domain, it will also send the cookie. Let's start with an example: 
@@ -373,7 +373,7 @@ def sanitize_filename(filename) end ``` -A significant disadvantage of synchronous processing of file uploads (as the attachment_fu plugin may do with images), is its _vulnerability to denial-of-service attacks_. An attacker can synchronously start image file uploads from many computers which increases the server load and may eventually crash or stall the server. +A significant disadvantage of synchronous processing of file uploads (as the `attachment_fu` plugin may do with images), is its _vulnerability to denial-of-service attacks_. An attacker can synchronously start image file uploads from many computers which increases the server load and may eventually crash or stall the server. The solution to this is best to _process media files asynchronously_: Save the media file and schedule a processing request in the database. A second process will handle the processing of the file in the background. @@ -405,7 +405,7 @@ raise if basename != send_file filename, disposition: 'inline' ``` -Another (additional) approach is to store the file names in the database and name the files on the disk after the ids in the database. This is also a good approach to avoid possible code in an uploaded file to be executed. The attachment_fu plugin does this in a similar way. +Another (additional) approach is to store the file names in the database and name the files on the disk after the ids in the database. This is also a good approach to avoid possible code in an uploaded file to be executed. The `attachment_fu` plugin does this in a similar way. Intranet and Admin Security ---------------------------
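Review bot: in guides/source/3_2_release_notes.md (@@ -312), the corrected line still leaves `render :template`, `:handlers` and `:formats` as bare text in the prose, right next to examples that are code spans. This commit applies the markup rule to `attachment_fu` in security.md, so wrap these three in backticks as well, or say in the commit message that the markup rule was applied to security.md only.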
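Review bot: in guides/source/contributing_to_ruby_on_rails.md (@@ -284), the removed and added lines differ only in trailing whitespace, which is invisible in review, and the diffstat lists only the three guide files. Without a lint configuration or CI check alongside this change, nothing stops the same whitespace from coming back; consider adding one in this commit or a follow-up, and naming the rule in the commit message so the change can be verified mechanically.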
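Review bot: in guides/source/security.md (@@ -236), the new alt text "Cross-Site Request Forgery" repeats the section heading that sits directly above the image. It satisfies the missing-alt rule, but a reader who cannot see csrf.png learns nothing the heading did not already say. Suggest alt text that summarises what the diagram shows, since the following paragraph relies on it to introduce the example.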
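Review bot: in guides/source/security.md (@@ -405), the touched line keeps the phrase "to avoid possible code in an uploaded file to be executed", which is hard to parse in a sentence that carries the security advice. Since the line is being edited anyway, consider "to prevent code in an uploaded file from being executed"; if the commit is meant to stay lint-only, leave it and handle the wording separately.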