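Rails 3 提供了 match 方法供我们自定义 routes,然而我们要小心使用它以避免“跨站脚本攻击”(XSS Attack)。需要注意:不带 via 选项的 match 会响应所有 HTTP 动词,本应只通过 POST/DELETE 等修改数据的 action 也能被 GET 请求触发,而 Rails 的 CSRF 令牌校验不检查 GET 请求,因此这里的风险更准确地说是“跨站请求伪造”(CSRF),而不是 XSS。比如像这样的 routes: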
注:(r3 代表 Rails 3,r4 代表 Rails 4)
# routes.rb| WITH table_scans as ( | |
| SELECT relid, | |
| tables.idx_scan + tables.seq_scan as all_scans, | |
| ( tables.n_tup_ins + tables.n_tup_upd + tables.n_tup_del ) as writes, | |
| pg_relation_size(relid) as table_size | |
| FROM pg_stat_user_tables as tables | |
| ), | |
| all_writes as ( | |
| SELECT sum(writes) as total_writes | |
| FROM table_scans |
| WITH btree_index_atts AS ( | |
| SELECT nspname, relname, reltuples, relpages, indrelid, relam, | |
| regexp_split_to_table(indkey::text, ' ')::smallint AS attnum, | |
| indexrelid as index_oid | |
| FROM pg_index | |
| JOIN pg_class ON pg_class.oid=pg_index.indexrelid | |
| JOIN pg_namespace ON pg_namespace.oid = pg_class.relnamespace | |
| JOIN pg_am ON pg_class.relam = pg_am.oid | |
| WHERE pg_am.amname = 'btree' | |
| ), |
| /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/Support/lsregister -kill -r -domain local -domain system -domain user && killall Finder |
| ## The quick-and-nasty CVE-2013-0156 Heroku inspector! | |
| ## Originally brought to you by @elliottkember with changes by @markpundsack @ Heroku | |
| ## Download and run using: | |
| ## ruby heroku-CVE-2013-0156.rb | |
| `heroku list`.split("\n").each do |app| | |
| app = app.strip | |
| # Some "heroku apps" lines have === formatting for grouping. They're not apps. | |
| next if app[0..2] == "===" |
| """ | |
| Dependencies: | |
| pip install tabulate simplejson ujson yajl msgpack | |
| """ | |
| from timeit import timeit | |
| from tabulate import tabulate | |
| setup = '''d = { | |
| 'words': """ |
| #Model | |
| @user.should have(1).error_on(:username) # Checks whether there is an error in username | |
| @user.errors[:username].should include("can't be blank") # check for the error message | |
| #Rendering | |
| response.should render_template(:index) | |
| #Redirecting | |
| response.should redirect_to(movies_path) |
| class App | |
| express = require 'express' | |
| redis = require 'redis' | |
| RedisStore = require('connect-redis')(express) | |
| sessionStore = new RedisStore() | |
| # These will be used only on ioController() | |
| fs = require 'fs' | |
| parseCookie = require('connect').utils.parseCookie |
| /* | |
| 12306 Auto Login => A javascript snippet to help you auto login 12306.com. | |
| Copyright (C) 2011 Kevintop | |
| Includes jQuery | |
| Copyright 2011, John Resig | |
| Dual licensed under the MIT or GPL Version 2 licenses. | |
| http://jquery.org/license | |
| Includes 12306.user.js |