Jojo Siao


enjoying life

Protecting your Rails App from XSS

I am just sharing this cool new plugin I heard about from Greg Moreno on Twitter.

xss_terminate is a plugin that makes stripping and sanitizing HTML stupid-simple. Install and forget. And forget about forgetting to h() your output, because you won't need to anymore.

But xss_terminate is also flexible. By default, it strips all HTML tags from user input. This is usually what you want, but sometimes you need users to be able to enter HTML. The plugin allows you to remove bad HTML with your choice of two whitelist-based sanitizers, or to skip HTML sanitization entirely on a per-field basis.

link: http://code.google.com/p/xssterminate/
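To make the three per-field modes concrete (strip everything, keep a whitelist, skip), here is an added example that is not xss_terminate's own code and does not use its API: a small filter module plus a stand-in model whose `FIELD_MODES` plays the role of the plugin's per-field options. The tag list, the attribute list, the `Post` class and its field names are assumptions made for the example; the point is to show why the default (strip) is the safe choice and what the whitelist mode has to reject.

```ruby
require 'cgi'

# Added example, not xss_terminate's code: a minimal model-level HTML filter that
# mirrors the plugin's three per-field modes so the idea runs without Rails.
# ALLOWED_TAGS, ALLOWED_ATTRS and the Post model below are assumptions.
module HtmlFilter
  # Matches one complete tag. Attributes may not contain '<' or '>', so a
  # half-formed "<scr<b>" cannot be swallowed as a single tag (see strip).
  TAG_RE = %r{<(/?)([a-zA-Z][a-zA-Z0-9]*)([^<>]*)>}
  ALLOWED_TAGS  = %w[p br b i em strong a].freeze
  ALLOWED_ATTRS = { 'a' => %w[href] }.freeze
  SAFE_HREF     = %r{\A(https?://|mailto:|/)}i

  # Default mode: remove every tag, then escape stray angle brackets so that
  # removing "<b></b>" from "<scr<b></b>ipt>" cannot reassemble a live tag.
  def self.strip(value)
    value.gsub(TAG_RE, '').gsub('<', '&lt;').gsub('>', '&gt;')
  end

  # Whitelist mode: keep only allowed tags, and on them only allowed,
  # double-quoted attributes with safe values; everything else is dropped.
  # Unquoted and single-quoted attributes are never kept.
  def self.sanitize(value)
    value.gsub(TAG_RE) do
      closing, name, attrs = $1, $2.downcase, $3
      next '' unless ALLOWED_TAGS.include?(name)
      next "</#{name}>" if closing == '/'
      kept = attrs.scan(/([a-zA-Z-]+)\s*=\s*"([^"]*)"/).select do |attr, val|
        (ALLOWED_ATTRS[name] || []).include?(attr.downcase) && safe_attr?(attr, val)
      end
      attr_str = kept.map { |attr, val| %( #{attr.downcase}="#{CGI.escapeHTML(val)}") }.join
      "<#{name}#{attr_str}>"
    end
  end

  # href may only be http(s), mailto or site-relative; "javascript:" is dropped.
  def self.safe_attr?(attr, val)
    attr.downcase != 'href' || !!(val.strip =~ SAFE_HREF)
  end

  # Skip mode: the field is stored untouched (the per-field opt-out).
  def self.skip(value)
    value
  end
end

# Stand-in for an ActiveRecord model using the plugin; FIELD_MODES plays the
# role of the plugin's per-field configuration (an assumption, not its API).
class Post
  FIELD_MODES = { title: :strip, body: :sanitize, custom_css: :skip }.freeze
  attr_accessor :title, :body, :custom_css

  def initialize(title, body, custom_css = nil)
    @title, @body, @custom_css = title, body, custom_css
  end

  # Stand-in for the plugin's before_save callback: filter each field by its mode.
  def filter!
    FIELD_MODES.each do |field, mode|
      value = send(field)
      send("#{field}=", HtmlFilter.public_send(mode, value)) unless value.nil?
    end
    self
  end
end

if __FILE__ == $0
  # Constructed sample input showing all three modes on one record.
  post = Post.new('<i>Hello</i> <script>alert(1)</script>',
                  '<a href="javascript:alert(1)" onclick="x()">link</a><b>ok</b>',
                  '<style>x</style>').filter!
  puts post.title       # Hello alert(1)
  puts post.body        # <a>link</a><b>ok</b>
  puts post.custom_css  # <style>x</style>  (skipped: only safe if never rendered as HTML)
end
```

Two design points worth noticing: the strip mode escapes whatever is left after tag removal, because removing tags in a single pass can leave text that reads as a tag again; and the whitelist mode drops a whole attribute rather than trying to repair its value, since a `javascript:` href with a "fixed" scheme is still attacker-controlled content.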

Deploying Rails Apps in Passenger in SubURIs

This is for future reference for other Rails developers who use Passenger (and it might be helpful to beginners as well).

Steps:
1. Create a symbolic link under the DocumentRoot that points to your Rails app's public directory.

2. Edit httpd.conf and add a VirtualHost.

a.) add DocumentRoot
b.) add RailsBaseURI "/<rails-app-subdir>"

3. Edit environment.rb of your Rails app and add at the end of the file:
config.action_controller.relative_url_root = "/frendsmo" # with the slash!

Note: I set up these configurations using Edge Rails.
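The three steps as one script, with a check that the pieces agree, as an added example that is not part of the post: the symlink, the VirtualHost text and the environment.rb line are generated from a single sub-URI value, and `check` reports the mistakes that break a sub-URI deploy (missing leading slash, RailsBaseURI and relative_url_root not identical, symlink not resolving to public/). The server name, document root and app path are assumptions; only "frendsmo" as the sub-URI comes from the post.

```ruby
require 'fileutils'
require 'tmpdir'

# Added example, not from the post: the three deployment steps as code plus a
# consistency check. /var/www-style paths and the server name are assumptions.
module SubUriDeploy
  # Step 1: DocumentRoot/<sub-uri> -> <app_root>/public
  def self.link_public(doc_root, app_root, sub_uri)
    link = File.join(doc_root, sub_uri.sub(%r{\A/}, ''))
    FileUtils.ln_s(File.join(app_root, 'public'), link, force: true)
    link
  end

  # Step 2: the VirtualHost block for httpd.conf. "Options -MultiViews" is what
  # Passenger's own documentation recommends for sub-URI deployments.
  def self.vhost(doc_root, server_name, sub_uri)
    <<~CONF
      <VirtualHost *:80>
        ServerName #{server_name}
        DocumentRoot #{doc_root}
        RailsBaseURI #{sub_uri}
        <Directory #{doc_root}>
          Options -MultiViews
        </Directory>
      </VirtualHost>
    CONF
  end

  # Step 3: the line to append to config/environment.rb
  def self.env_line(sub_uri)
    %(config.action_controller.relative_url_root = "#{sub_uri}" # with the slash!\n)
  end

  # Returns a list of problems (empty means the three pieces agree).
  def self.check(doc_root, app_root, sub_uri, vhost_text, env_text)
    problems = []
    problems << "sub-URI #{sub_uri.inspect} must start with /" unless sub_uri.start_with?('/')
    base = vhost_text[/^\s*RailsBaseURI\s+(\S+)/, 1]
    rel  = env_text[/relative_url_root\s*=\s*["']([^"']*)["']/, 1]
    unless base && base == rel
      problems << "RailsBaseURI #{base.inspect} != relative_url_root #{rel.inspect}"
    end
    link = File.join(doc_root, sub_uri.sub(%r{\A/}, ''))
    public_dir = File.join(app_root, 'public')
    # File.directory?(link) follows the link, so a dangling symlink fails here.
    unless File.symlink?(link) && File.directory?(link) &&
           File.realpath(link) == File.realpath(public_dir)
      problems << "#{link} is not a symlink to #{public_dir}"
    end
    problems
  end
end

if __FILE__ == $0
  Dir.mktmpdir do |tmp| # throwaway layout so the script runs anywhere
    doc_root = File.join(tmp, 'var/www')          # assumed DocumentRoot
    app_root = File.join(tmp, 'apps/frendsmo')    # assumed app checkout
    FileUtils.mkdir_p([doc_root, File.join(app_root, 'public')])
    SubUriDeploy.link_public(doc_root, app_root, '/frendsmo')
    vhost = SubUriDeploy.vhost(doc_root, 'www.example.com', '/frendsmo')
    puts vhost
    env = SubUriDeploy.env_line('/frendsmo')
    puts SubUriDeploy.check(doc_root, app_root, '/frendsmo', vhost, env).inspect # []
  end
end
```

Run it once with the real paths substituted and keep `check` around: the symlink and the two config values live in three different files, and a sub-URI deploy that half-works (assets 404, redirects to the wrong prefix) is almost always one of them disagreeing with the others.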

Video: Writing Multi-Tenant Applications in Rails

Do you still keep the 5 and 10 centavos coins?

I was on board the jeep going to UN Avenue from Divisoria, when another passenger, a female college student, gave a 100 pesos bill to the driver as payment for the transpo. The driver then asked the passenger if she had smaller bills. Because she had no smaller bills, she just gave the driver some 1 peso coins and several 5 centavo and 10 centavo coins. But the driver got mad and just threw away the 5 centavo and 10 centavo coins, saying those coins have practically no value in the market anyway.

This situation got me thinking. Do you still keep the 5 centavo and 10 centavo coins? Isn't this a bad money habit, as chief tonio said: "you wouldn't be a millionaire if you lack 5 centavos even if you have 999,999.95 pesos"?

Why restful_authentication RoR plugin is cool

Let me just cite some reasons why this plugin is so cool!

1.) It generates your registration page and login page. You can opt in to user activation and password hashing.

2.) You may also integrate the role_requirement plugin with restful_authentication if you want user roles, or even MULTIPLE user roles! (A big thanks to Greg Moreno for telling me about this plugin!)

3.) It makes your user registration, login, and (optionally) activation easier to build within your app!
