Ruby on Rails Resources

This page contains some bits of code created by our developers and released as Free Software (under the MIT licence).

OutputStreams and FlashMessages

The OutputStreams plugin allows safe handling of data that arrives in mixed form (HTML and plain text). Each part of the stream is marked as being in one of the two forms and is escaped to the proper output format when needed. Currently it only knows how to escape plain text for embedding in HTML, but it can easily be extended.

Download output_streams (developer: Pawel Stradomski)

FlashMessages is an application of OutputStreams tailored to flash messages. With this plugin you can embed HTML in flash messages without risking an XSS vulnerability should you forget to escape some user-supplied data that gets displayed in the message. It also allows multiple messages to share one severity level.

Download flash_messages (developer: Pawel Stradomski)
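To illustrate the idea behind OutputStreams and FlashMessages above, here is a small mixed-form stream written for this page (not the plugins' own code): each part is tagged as trusted HTML or untrusted text, and only the text parts are escaped when rendered for HTML. The class name, the `:html`/`:text` tags and `flash_notice` are assumptions for the example.

```ruby
require "cgi"

# Added example, not the plugin's API: a minimal mixed-form output stream.
# Each part is tagged :html (trusted markup, emitted as-is) or :text
# (untrusted plain text, escaped on render).
class MixedStream
  Part = Struct.new(:form, :value)

  def initialize
    @parts = []
  end

  # Trusted markup written by the developer.
  def html(markup)
    @parts << Part.new(:html, markup.to_s)
    self
  end

  # Untrusted plain text, e.g. user-supplied data.
  def text(str)
    @parts << Part.new(:text, str.to_s)
    self
  end

  # Render the stream for one target format. Only :html is known here;
  # supporting another target means adding one more branch in #escape.
  def render(target = :html)
    @parts.map { |p| escape(p, target) }.join
  end

  private

  def escape(part, target)
    raise ArgumentError, "unknown target #{target}" unless target == :html
    part.form == :text ? CGI.escapeHTML(part.value) : part.value
  end
end

# A flash-style message: fixed markup around a user-controlled name.
# The name passed in by the caller is the only untrusted part.
def flash_notice(user_name)
  MixedStream.new
    .html("<strong>Welcome back,</strong> ")
    .text(user_name)
    .html(" <a href=\"/profile\">edit profile</a>")
    .render(:html)
end
```

Calling `flash_notice` with a constructed name such as `"<script>alert(1)</script>"` leaves the surrounding markup intact while the name is rendered as inert text.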

Expose

This plugin changes the default policy under which every public method of a controller is reachable over HTTP through any HTTP method.

With this plugin, each method must be explicitly exposed (hence the name) to a specific set of HTTP verbs.

This prevents common mistakes such as leaving a filter method public, or forgetting to add a proper verify rule so that GET can be used against actions that should only accept POST.

Download expose (developer: Pawel Stradomski)
