Mike Owens mieko
mieko
/ sanitized_flash.rb
Created
October 14, 2020 03:03
Mixed HTML/Plaintext `flash` messages in Rails 4.1+ JSON cookie serializer
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require "rack/utils" | |
| # Rails < 4.1 serialized sessions with Marshal, which could distinguish "html_safe" flash strings | |
| # from unsafe strings because it encoded actual ActiveSupport::SafeBuffer objects. So when the | |
| # flash message came back from the client, its "safe" status was preserved, and it was rendered | |
| # correctly under both circumstances. | |
| # | |
| # This same "magic" ability is also why Rails moved away from it: multiple CVEs due to arbitrary | |
| # object creation. But regardless, that was a *really* nice trick. | |
| # |
mieko
/ rubocop-schema.json
Created
November 24, 2021 07:52
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "$schema": "http://json-schema.org/draft-07/schema", | |
| "title": "RuboCop configuration schema", | |
| "description": "Schema for RuboCop configuration files (e.g. .rubocop.yml), intended for helping IDEs provide autocompletion and validation.", | |
| "type": "object", | |
| "additionalProperties": false, | |
| "definitions": { | |
| "inherit_mode": { | |
| "type": "object", | |
| "minProperties": 1, |
OlderNewer