Kasper Timm Hansen kaspth
kaspth
/ scrub_that_api.rb
Last active
December 18, 2015 04:58
A new API proposal for custom HTML scrubbing.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # By switching out the html-scanner lib with Loofah, we can make use of the custom HTML scrubbers within Loofah to get more control over what gets sanitized. | |
| # This could be useful in apps where users submit text content. | |
| # Say Twitter in an alternate universe allows users to format their tweets using some HTML tags. They then need a way to specify what tags are black- and/or whitelisted. | |
| # This is an example of how it could work in a model. | |
| class Comment < ActiveRecord::Base | |
| # block based | |
| # block takes a node | |
| scrubs :body do |node| |
kaspth
/ failures.txt
Last active
December 19, 2015 02:48
The failures I'm seeing in sanitizers_test.rb.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # In actionview dir run tests with | |
| # rake test TEST=test/template/sanitizers_test.rb | |
| 1) Failure: | |
| SanitizerTest#test_should_not_fall_for_xss_image_hack_4 [actionview/test/template/sanitizers_test.rb:173]: | |
| Expected: "<img>" | |
| Actual: "<img>alert(\"XSS\")\">" | |
| 2) Failure: |
kaspth
/ old_css_select.rb
Last active
December 20, 2015 00:09
An attempt to absolve css_select and assert_select from their argument parsing. To make the code more declarative and stuff... The order of arguments:
0: html element (optional)
1: selector
2: comparator
3: message
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def css_select(*args) | |
| # See assert_select to understand what's going on here. | |
| arg = args.shift | |
| if arg.is_a?(HTML::Node) | |
| root = arg | |
| arg = args.shift | |
| elsif arg == nil | |
| raise ArgumentError, "First argument is either selector or element to select, but nil found. Perhaps you called assert_select with an element that does not exist?" | |
| elsif defined?(@selected) && @selected |
kaspth
/ Event.m
Last active
August 29, 2015 13:57
— forked from sdbeng/Event.m
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #import "Event.h" | |
| #import "AFNetworking.h" // it does not depend of AFNetworking at the moment, so I'd delete it | |
| @implementation Event | |
| // change the id here to instancetype, read more here http://nshipster.com/instancetype/ | |
| - (id)init | |
| { | |
| return [self initWithTitle:@"defaultTitle" detail:@"defaultDetail"]; // don't need to assign self | |
| } |
kaspth
/ to_proc.rb
Created
June 28, 2014 20:22
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This: | |
| class String | |
| def to_proc | |
| split('.').to_proc | |
| end | |
| end | |
| class Array | |
| def to_proc | |
| lambda do |obj| |
kaspth
/ upgrade_encrypted_secrets.rb
Last active
December 6, 2022 12:23
A script to update encrypted secrets to use improved encryption.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Download this to your Rails app directory and run with: | |
| # bin/rails runner upgrade_encrypted_secrets.rb | |
| # Everything below here is private API and not something your app should use. | |
| Rails::Secrets.singleton_class.prepend Module.new { | |
| def decrypt(data) | |
| cipher = OpenSSL::Cipher.new("aes-256-cbc").decrypt | |
| cipher.key = key | |
| cipher.update(data) << cipher.final | |
| end |
kaspth
/ after_runnable.rb
Created
September 14, 2017 16:49
`Minitest.after_runnable` callbacks to execute after every test class method has been run… it might even work!
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # minitest uses Gem.find_files, so this should be somewhere on the load path: | |
| # $LOAD_PATH/minitest/after_runnable_plugin.rb | |
| class Minitest | |
| class AfterRunnableReporter < AbstractReporter | |
| def initialize(after_runnable, methods) | |
| @after_runnable, @methods = after_runnable, methods | |
| end | |
| def prerecord(klass, name) | |
| @methods[klass].delete(name) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Ruby's Enumerable has `partition` to split it into true and false groups. | |
| evens, odds = 1.upto(5).partition(&:even?) | |
| evens # => [ 2, 4 ] | |
| odds # => [ 1, 3, 5 ] | |
| # But what if you have more than 2 segments? Well, here I'm playing with one way to do it. | |
| # Respectively outputs: | |
| # [[:first, :first], [:second, :second], [:third, :third]] | |
| # [[:first, :first], [:second, :third, :second, :third]] |
kaspth
/ scope_with_class_methods.rb
Created
July 1, 2022 11:22
`scope` extension to allow marking a class method as a scope.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # In Active Record, class method scopes have to remember to return `all` otherwise they're break the call chain. | |
| # | |
| # def self.some_scope = nil # Assume more complex conditions that would result in a branch that accidentally didn't return `all`. | |
| # | |
| # User.some_scope.first # => raises NoMethodError `first' for NilClass | |
| # | |
| # Note: Active Record ensures a `scope :some_scope, -> { nil }` returns `all` via `|| all` here: | |
| # https://github.com/rails/rails/blob/c704da66de59262f4e88824589ae4eddefb6ed4a/activerecord/lib/active_record/scoping/named.rb#L181 | |
| # | |
| # Now, this extension allows you to mark a class method as a scope, so you don't have to remember and the code is more clearly demarcated too. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # All these requires are just for running via `irb`, if using `bin/rails console` you probably just need the method. | |
| require "active_support/all" # Got an inflector NoMethodError, so I'm just being lazy here. | |
| require "action_dispatch" | |
| require "action_dispatch/routing/route_set" | |
| require "action_dispatch/routing/inspector" | |
| require "action_controller" # For the ActionController::Parameters autoload, which any route helper uses. | |
| # Console helper play around with the routing DSL and tweak an individual route you're building. |
OlderNewer