4. What is Rails?
Ruby on Rails® is an open-source web framework that’s optimized for programmer happiness and sustainable productivity. It lets you write beautiful code by favoring convention over configuration.
- http://rubyonrails.org/
5. What is Rails?
Rails is a way to build web applications quickly and be able to maintain them in the future.
6. What is Rails?
Twitter, Scribd, Hulu, Less Accounting, Basecamp, Shopify, Groupon, Get Satisfaction, Lighthouse, Urban Dictionary, Github, Kongregate
25. Responder
class EpisodesController < ApplicationController
  respond_to :html, :xml, :json

  def index
    @episodes = Episode.all
    respond_with @episodes
  end
end
36. XSS Protection
2. Malicious code in the comments causes the user to post malicious code to videos they have previously watched.
37. XSS Protection
Rails 3 has protection for this built in and enabled by default.
Think hard before using raw output in views.
38. A side note
Curious about CSRF and XSS attacks?
Hack Miami had presentations about these
vulnerabilities on Saturday, September 18.
Hop in your DeLorean to learn more!
http://hackmiami.org/
39. Unobtrusive JavaScript
Rails 1 & 2 injected JavaScript into pages to make AJAX features work.
40. Unobtrusive JavaScript
Rails 3 annotates the HTML with special properties.
41. Unobtrusive JavaScript
There are drivers for Prototype, jQuery, and more.
42. No more scripts/*
The scripts directory used to contain tools for generating and running your application.
68. The Guts
1. The consumer (client) asks the provider (server) for a new blank request token, and sends the user to the provider with that request token.
69. The Guts
2. The user authenticates with the provider, and accepts (or denies) the authorization the consumer wants.
70. The Guts
3. The user is redirected back to the consumer with a request token bound to that user.
71. The Guts
4. The consumer gives the request token to the server in exchange for an access token.
72. The Guts
5. The consumer can use the access token as authorization.
92. OAuth Configuration
config/initializers/twitter.rb:
TWITTER_OAUTH_TOKENS = {
  :key    => 'DCtwdGNS38Sr9JN…',
  :secret => 'gJ6RN7Nblq9t…'
}
Editor's Notes
Merb started as a smaller, simpler Rails.
Merb didn’t force you to use some of the libraries that Rails 1 & 2 did.
In December 2008, the Rails and Merb teams announced they were merging and collaborating on Rails 3.
ActiveRecord: Arel, ActiveModel
ActionController: CSRF protection, ActionController::Responder
ActionView: XSS Protection, Unobtrusive JavaScript
Railties: No more scripts/*
Easily add XML or JSON support to a resource.
Add pagination support for HTML views.
For example, visiting http://malicious.site/ could post a message as you on Twitter.
Unless you go through the work to disable this, you won’t have to worry
On a page with 100 AJAX buttons, this could double the size of the page load.
The client downloads a driver once per site, instead of on every page load.
The most “gotcha” of the Rails changes.
When upgrading Rails, these scripts would have to be added to or replaced.
When new versions are released, you won’t have to update any scripts.