Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
Is there a possibility to check if a key is pressed in Ruby?
For example:
In CoffeeScript/JavaScript, you are able to say:
$(document).keypress event, ->
alert event.keyCode
Is this possible in Ruby as well? (I know, I could use NodeJS instead of Rails, but that's not my question)
Since Ruby is not interpreted in your browser like JavaScript, it cannot do what you are trying to do by itself. The browser never gets to see any of your Ruby code but only the resulting HTML (and JS) after your controller finished the appropriate method for a request.
Rails is REST based, so each request is executed separately and no state is kept between requests, save for the information in a cookie or similar means. It is not constantly running, waiting for a reply or something like that.
However, you can simply embed JS code like you posted within your Ruby templates. This JS can then check for a keypress event and send a new (AJAX) request to the server for some additional actions. You will need to process the returned values and manually display them using JS code.
If your page or application would make heavy use of such dynamic features, other languages might be a better fit.
Related
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 3 years ago.
Improve this question
I need to build a RSS feeder in Go and I guess I did not understand some key concepts. To make it clear, I ask that question.
Is there any standard for number of last fetched news in XML file?
Should RSS document needs to be generated when requested? I mean should the client get always the latest news?
Here is the Go part. I will use https://github.com/gorilla/feeds library. It basically generates RSS XML. But it does not provide a publishing way.
Should I serve RSS XML document from a REST endpoint? If I do, is it okay for RSS clients?
You may say that first I should search on the internet and I did. Most of the articles talks about parsing and fetching from a RSS Feeder.
Is there any standard for number of last fetched news in XML file?
No. And it also varies between feeds. This also makes sense since there are some sites which produces lots of new content and others only few.
Should RSS document needs to be generated when requested? I mean should the client get always the latest news?
That's completely up to the server. But in many cases it is likely more efficient if the server creates a static file whenever new news were added instead of dynamically creating the same output again and again for each client. This also makes it easy to provide caching information (i.e. ETag or similar) and let the client retrieve the full content only if changed.
Should I serve RSS XML document from a REST endpoint? If I do, is it okay for RSS clients?
This does not really matter. The URL for the RSS can be anything you want, but you have to publish it so that RSS readers know where to get the RSS.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 2 years ago.
Improve this question
Imagine you have a web page which has some static contents and some dynamic contents based on the user's session. For example, you may see a webpage with a menu at top of the page which displays username but the remaining content is completely cachable and static.
There could be a simple solution to achieve that:
You can handle the dynamic part of the page in the client side with ajax request (which is not cachable) e.g. single page applications.
There may be another solution that client sends a request to a middleware(e.g. API Gateway) and the middleware fetches static part from cache and dynamic part from the backend then returns aggregated content to the client.
In my idea, the worst solution is to disable the cache.
What Facebook is doing, loads dynamic part at first request, and loads remaining contents with XHR requests.
Questions:
What is the best practice for this issue?
What would be the drawback of the second solution?
What do you think about Stackoverflow top menu that displays your username?
An AJAX request (or fetch, or any other HTTP based request) may well be cached by using a RESTful service.
For more fine grained controll over what should be cached you could use a service worker, for example by adding https://developers.google.com/web/tools/workbox/ to your application.
If your dynamic data has to be updated live, you should also have a look at WebSockets. Depending on your stack you could use a wrapper library like SignalR, socket.io or simply follow one of the tutorials at http://websocketd.com/
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 4 years ago.
Improve this question
What are the risks of letting users edit their laravel blade views in order for them to edit the theme they are using?
Each user will have a folder created for them in the views folder containing their template made of blade.php files. There they can edit the html and access the $php_variables to display. Or is there a better way?
Thanks
First off all there is the risk that your user creates vulnerabilities unintentionally. In example, if he does not escape an output correctly, another user could inject a malicious script (XSS) and then exploit your application. For laravel, this could happen by using {!! !!} instead of {{ }}.
Then there is the risk that your users wants to exploit your application himself by adding malicious code. Since blade templates are php files, he could do anything. And don't forget that he could execute javascript too.
Without knowing any more, it is hard to find a better solution. Depending on what your application is supposed to do, you should adapt the security.
For max security, i would filter the submitted content and delete all javascript and php, except for {{}}. For {{}}, check that the variables inside are allowed (create a list with allowed variable). Also make sure that he can not execute any other code inside the {{}}.
Block any external (and maybe even internal) link calls, since an attacker could load malicious script from another server/source. This goes for <img>, <link> etc... And no, it is not enough to simply block some file extensions.
Please read the blade doc and make sure any other way for code execution is blocked, i.e.
#php
//
#endphp
If you want to create such a filter, check out this link, maybe it will help you to start. Please do a lot of research in order to be sure that you application is secure. And don't forget to secure the rest of you application too ;-)
Also check out the OWASP PHP Security Cheat Sheet
EDIT: Of course there are several other ways to handle this. You could review each template yourself (if there are limited users), you could let the user choose between multiple templates (no edit), you could block all php&javascript and use "shortcodes" which you then replace by your controlled php code(basically your own template engine) etc.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
I'm writing a blog application in Sinatra, and I want to collect some visit statistics.
As of now, I'm only thinking of getting more or less reliable visit statistics per user (that is, page visits grouped by users). Maybe later I'll want to get some client-related information (i.e., user agent).
How do I do that?
While you can use Sinatra to do this, the technology has already been implemented in other ways. I think the easiest solution is to put a piece of Javascript on the frontend that records this information for you. The most popular library for doing this is Google Analytics. This will give you far more information than you could easily capture yourself (screen size, device, etc..), and in a very clean format.
My idea to do it:
Use Rack sessions to determine the visitor ID;
Store the hits in a database table
Write a Thor task to unload it into something human-readable.
I'll appreciate any critique of this idea and/or any other ideas to do it.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
What is the diffrence between Ajax and autocomplete function.
I know autocomplete is a software function that completes words or strings without the user needing to type them in full.
Ajax is similar to it + other functions.
AJAX stands for "Asynchronous JavaScript and XML" and offers an alternative to the traditional "request-respond-cicle".
With AJAX you can get data from the server without your browser having to re-render the whole page.
Autocomplete on the other hand side mostly uses AJAX to get possible results on every key hit by the users.
Read more about AJAX here:
http://en.wikipedia.org/wiki/Ajax_(programming)
Autocomplete works only using data suggestions from the cache, Ajax works using data suggestions from the server in addition to the data from the cache.
Using Ajax, we can render certain parts of a web page without a rendering the whole web page, which significantly reduces the network bandwidth.