For a while, I have felt that the following is the correct way to improve the mass assignment problem without increasing the burden on new users. Now that the problem with the Rails default has been brought up again, it's a good time to revisit it.
When creating a form with form_for, include a signed token including all of the fields that were created at form creation time. Only these fields are allowed.
To allow new known fields to be added via JS, we could add:
| /** | |
| * Read Linux mouse(s) in node.js | |
| * Author: Marc Loehe ([email protected]) | |
| * | |
| * Adapted from Tim Caswell's nice solution to read a linux joystick | |
| * http://nodebits.org/linux-joystick | |
| * https://github.com/nodebits/linux-joystick | |
| */ | |
| var fs = require('fs'), |
| # Setup | |
| # ===== | |
| # | |
| # Put this gist in Rails.root/config/initializers/cancan.rb | |
| # Add Squeel to Gemfile, see https://github.com/ernie/squeel | |
| # | |
| # gem "squeel", "~> 0.9.3" | |
| # | |
| # Load Squeel hash and symbol extensions in squeel config initializer | |
| # |
by Jonathan Rochkind, http://bibwild.wordpress.com
Capistrano automates pushing out a new version of your application to a deployment location.
I've been writing and deploying Rails apps for a while, but I avoided using Capistrano until recently. I've got a pretty simple one-host deployment, and even though everyone said Capistrano was great, every time I tried to get started I just got snowed under not being able to figure out exactly what I wanted to do, and figured I wasn't having that much trouble doing it "manually".
| <!doctype html> | |
| <!-- http://taylor.fausak.me/2015/01/27/ios-8-web-apps/ --> | |
| <html> | |
| <head> | |
| <title>iOS 8 web app</title> | |
| <!-- CONFIGURATION --> |
| // fraction / rational number class | |
| // @author zz85 | |
| Vex.Flow.Fraction = function(numerator, denominator) { | |
| this.set(numerator, denominator); | |
| }; | |
| Vex.Flow.Fraction.prototype.constructor = Vex.Flow.Fraction; | |
| Vex.Flow.Fraction.prototype.set = function(numerator, denominator) { | |
| this.numerator = numerator === undefined ? 1 : numerator; |
| # somewhere in your middleware stack... | |
| # request.env['yourapp.someid'] = "1337" | |
| YourApp::Application.configure do | |
| config.log_tags = [ | |
| -> request { | |
| request.env['yourapp.someid'] | |
| } | |
| ] | |
| end |
Hi. My name is Sadayuki "Sada" Furuhashi. I am the author of the MessagePack serialization format as well as its implementation in C/C++/Ruby.
Recently, MessagePack made it to the front page of Hacker News with this blog entry by Olaf, the creator of the Facebook game ZeroPilot. In the comment thread, there were several criticisms for the blog post as well as MessagePack itself, and I thought this was a good opportunity for me to address the questions and share my thoughts.
To the best of my understanding, roughly speaking, the criticisms fell into the following two categories.
| /* | |
| * FormData for XMLHttpRequest 2 - Polyfill for Web Worker (c) 2012 Rob W | |
| * License: Creative Commons BY - http://creativecommons.org/licenses/by/3.0/ | |
| * - append(name, value[, filename]) | |
| * - toString: Returns an ArrayBuffer object | |
| * | |
| * Specification: http://www.w3.org/TR/XMLHttpRequest/#formdata | |
| * http://www.w3.org/TR/XMLHttpRequest/#the-send-method | |
| * The .append() implementation also accepts Uint8Array and ArrayBuffer objects | |
| * Web Workers do not natively support FormData: |
| class ApplicationPermitter | |
| class PermittedAttribute < Struct.new(:name, :options) ; end | |
| delegate :authorize!, :to => :ability | |
| class_attribute :permitted_attributes | |
| self.permitted_attributes = [] | |
| class << self | |
| def permit(*args) | |
| options = args.extract_options! |
