I was reading Katz's Safe Buffer article while trying to upgrade our side to Rails 3. We have a lot of helpers that build up fairly complex html/css bits from data we know is safe (we're doing things like large menus).
Unfortunately - if I'm reading Katz's article right - it seems like you need to mark everything html_safe or you get escaped.
I'm wondering if anyone has come up with a simple hack to turn this functionality off on a module/method/block level yet? I was looking at the code in Rails that does this and it doesn't look all the trivial to override.
I believe you have a couple "easy" solutions:
Modify the helpers by hand so that they return html_safe'd strings
Iterate over the methods (module?) and use alias to alias them to, say, _unsafe_helper_name, and then have helper_name return _unsafe_helper_name.html_safe
Use the raw method in your views. Calling raw on output turns off Rails 3's built in protection and outputs the string just as it is with no escaping.
Related
In my WebAPI, I have a change password method. It takes a parameter that is a class that contains two properties: "OldPassword" and "NewPassword".
Obviously, i do not want to pass that thru query strings, i want em passed into the body.
As soon as I use the FromBody attribute, the Swagger UI no longer offers a nice form with two textbox, it turns into a single JSON blob.
I'd like to mix those behaviors, provide a form but format the input into json that would match the schema.
I tried playing around with OperationFilters but couldn't achieve anything similar.
I'm sure this is pretty common, but my google and stackoverflow searches haven't returned anything. Perhaps i'm not searching for the proper keywords. Unsure.
Decided to stick with json blob in the body as it is the decison that makes the most sense, design wise.
I got it working with FromHeader, but considering that this is not the way this API should be consumed, we prefered to stick with designing for the actual use case and not around Swagger's features and limiations.
Thanks for the answers!
I'm not sure this is the right place to ask this. I would like to know how best to style parts of messages from l10n properties files. For example, my client want this message and formatting in a help window:
This is a self-assessment and comparison application.
Simplest solution would be to include the HTML tags in the messages.properties entry for this label. The problem with that is that the 40 translators that will process the messages.properties are bound to make mistakes like deleting the <, translating the attributes or styles of the HTML markup etc. Also it makes maintaining the markup and styling difficult for the devs.
Any better way to do this?
The solution I've seen typically done just uses th:utext with HTML tags in the .properties files. I would opine it does create a maintenance hassle as you mention and should be kept to a minimum.
One workaround is to create separate strings in some cases, like:
<span th:text=#{thisIsA}>This is a </span><strong><span th:text="#{selfAssessment}">self-assessment</span></strong>
However, this is error-prone since certain languages may change the order of the words. So that's not a great option.
If the HTML tags specifically are an issue, another way albeit somewhat ugly could be:
thisIsASelfAssessment=This is a {0}self-assessment{1}.
Or even
thisIsA=This is a {0}.
selfAssessment=self-assessment
But that might be confusing for the next developer reading it and may introduce the same issue you have with the 40 translators looking at it since you have curly braces. It also all becomes very tedious and generates more lines.
So in the end, you're likely best going with the simplest solution of utext.
Project-wise, you could have the initial translation done without the markup and add the markup in after they are done with a first pass at translating it. The issue may arise in the future when you need to change strings, but doing this would minimize some headache. It could make sense to keep these strings in a separate block in the .properties file so you can target them later.
Good question as I've had this issue myself.
I do not have control of how this data is stored (I know as normalized data would be better for sql), because it is saved via the WordPress GravityForms plugin. The plugin uses a serialized array to define the question id (field_id), question label (label). My goal is to extract these three values in the following format:
field_id label
1 1. I know my organization’s mission (what it is trying to accomplish).
2 2. I know my organization’s vision (where it is trying to go in the future).
Here is the serialized array.
Can anyone please provide a specific example as to how to parse these values out with sql?
A specific example, no. This kind of stuff is complex. If your are working with straight json-formatted data, here are several options, none of which are simple.
You can build your own parser. Yuck.
You can upgrade everything you have to just-released SQL 2016, and hope that the built-in json tools do what you need (I've heard iffy things about them, but don't know what their final form is like. Too, updating all your database servers right now, oh sure.)
Phil Factor over on SimpleTalk built a json T-SQL parser (https://www.simple-talk.com/sql/t-sql-programming/consuming-json-strings-in-sql-server/). It looks horrible and may run poorly, but it would do the needful.
Buried in the comments of that article are links to a CLR tool that John Galt built (at https://github.com/jgcoding/J-SQL). I have used this successfully, though I haven't done anything too complex. (If you're json is relatively simple, this could do the trick.)
There are other json parsers for SQL out there, some free, some for sale. The key thing would be to not try and write your own, but rather find and use someone else's solution that addresses your requirements.
I want to make a vertical line going through the middle of the site and then have content on either side. How can I use CSS or ruby? to do this? I am not sure which one I would need and where I would put it. Also, what is the best resource for learning the syntax of the ruby on rails views/CSS stuff. It seems that rubyonrails.org doesn't have much documentation on that (they mostly explain the models and controllers)
I would suggest you start with something like: https://github.com/softmachine/rails-bootstrap
They provide a link to http://twitter.github.com/bootstrap/ which has plenty of documentation.
The next step, would be to ask a more specific question related to the exact problem you're having.
From your description it sounds like you need css, and depending on the nature of of the information you want to display, you might need to use ruby/rails to make it happen. Most likely, you could just use css.
see: http://jsfiddle.net/aTUq8/
I'm currently using NHibernate, for the first time, with Fluent NHibernate. I've gotten everything setup nicely, however now I've come to actual doing some data retrieval, it seems to have fallen short.
I was expecting NHibernate, to allow me to do something like:
session.CreateCriteria<TblDocket>()
.Add(Restrictions.Eq(x=> x.DocketNumber, "10101"));
However, this doesn't appear to be the case and I seem to have to write:
session.CreateCriteria<TblDocket>()
.Add(Restrictions.Eq("DocketNumber", "10101"));
That'll be less-than-wonderful when I rename any properties! I've always though hard coded strings in code is bad, especially when the strings relate to property names.
Is there any way I can strongly type these restrictions? I had a look at this blog post, but it seems quite messy, is there a nicer solution?
I decided to use NHibernate.Linq instead. I found a brilliant tutorial here.
You can't using out-of-the-box NHibernate.
There is a project called NHibernate Lambda Extensions which allows you to do this with some limitations.
since NHibernate 3.0 there is also QueryOver available which are a nice typesafe wrapper around the criteria API.
session.QueryOver<TblDocket>()
.Where(x => x.DocketNumber, "10101");
For anyone who comes along this post and doesn't like linq or isn't too familiar with lambda you can still safely use ICrierta's such as
session.CreateCriteria<TblDocket>().Add(Restrictions.Eq("DocketNumber", "10101"));
what you need is helper classes so you can remove the magic strings such as "DocketNumber" so that if you do change your property names or column names these are taken care of for you or will atleast produce a build error so you know before you publish your code.
Anyone wanting to see an example can have a look at NhGen ( http://sourceforge.net/projects/nhgen/ ) and the query examples at https://sourceforge.net/projects/nhgen/forums/forum/1169117/topic/3789112 which show how helpers classes can be used like.
// Find using a simple entity query
IList<IMessage> messageList3 = messageDao.Find( new [] { Restrictions.Le(MessageHelper.Columns.Date, dateLastChecked) } );
Note that this project also created entity wrapper classes which group all your common CRUD methods into one class (xxxDao as show above) so you don't have to keep copying the same code over and over again.