Code Security is very important nowadays, so I thought I'd show everyone how to automatically strip off any HTML, javascript, css, etc. tags in ruby on rails. Many malicious users often try to type in code that execute when another person is looking at what they typed(like a forum post, for instance). Some security issues caused by this are XSS(Cross Site Scripting) and CSRF(Cross Site Request Forgery). So if someone is going to enter in ANY text that will show up on your site, I'd recommend that you clean their text of code before it's entered into your website/software.

Here's how to clean a normal string:



 
Also, another handy thing you can do is clean everything going into
your  database. This code will automatically clean any string or text
data in your database. You don't even have to enter in the name of
the columns you want cleaned.  All you have to do is change the name of the model(it's in orange below) and then enter in the code into your class model, ie: product.rb. And it will take care of the cleaning
for you:




Keep in mind that this code will clean out ANYTHING that is in tags,
such as: <br><b><whatever><cheese><etc>

 

    

Hey Everyone! Just a quick note, Amethyst 0.1.4 was released tonight. We fixed some issues with the RSS feed, and also added a CAPTCHA capability to prevent spammers from adding annoying comments. As always, you can try it out in the Amethyst Demo. Enjoy! 

     I was looking around for a quick couple of lines of code that would search out any string for a swear word and replace it with a cleaner word. I had a little trouble finding an easy example, so here's one for you. I use a modified version of this script for a lot of my applications:

 $ nano filter_swear_words.rb

So when we run the script, here's what we get:

$ ruby filter_swear_words.rb

    

        Well, now that the new version of ruby on rails is out(2.0.2), everything should be new and improved. I do like a lot of things in the new version of rails but many of my apps are written in previous versions(like 1.2.6) and I'd like to keep them that way, for now. Rails 2.x is pretty good, but it's missing a lot of old rails core commands(like the old rest-less script/generate scaffold), that I happen to use sometimes. Also, a lot of people deploy rails applications in shared hosting environments and other places where they don't have the permissions to reinstall old versions of rails via gem, so here's an alternative. Here we will actually freeze the older version of rails to our application. In this example, I'll be downgrading ruby on rails 2.0.2 to 1.2.6. 

First, create a new rails application(we'll call it app):

     $ rails app

Then, cd into the directory:

     $ cd app

Now we will download the version of rails you want(here we will grab 1.2.6, but you can get any version) from the rails archive:

Note: you can do this a couple of different ways, this is using svn

     $ svn co http://dev.rubyonrails.org/svn/rails/tags/rel_1-2-6/

Copy and rename the downloaded folder to vendor/rails: 

     $ mv rel_1-2-6/ vendor/rails

Note: Rails looks automatically for a vendor/rails folder before using the server-wide ruby on rails libraries(aka gems). Having them stored this way is called "freezing" your gems.

Now all we have to do is replace the 2.0.2 version of  config/environment.rb file with a copy of the 1.2.6 version:  

     $ mv config/environment.rb config/environment.rb.original

     $ nano -w config/environment.rb

Here I'm using the linux text editor, nano. You can also use emacs, vi, notepad, textpad, or whatever you want. Basically, we're going to create a new empty file named config/environment.rb and paste this code into it:

If you used the nano command(which I am using in this example), you can save the file by pressing CTRL + O(hold down the ctrl key and hit O), and then CTRL + X. 

That's it! You can now confirm that your using rails 1.2.6 by running this command:

      $ script/about

 You should see the version of rails now being 1.2.6, like so: 

 

    

 

 

    It's that time again. We released another application this month! Today we released Amethyst to the public. It's a blogging application written in ruby on rails. It's very simple, clean, and straightforward. Keep in mind that it's our first release, so it's in beta(though we've tested it quite a bit, just like anything else we release). Our blog runs on amethyst, so check it out and see what you think. If you have any suggestions, let us know!

    If you're interested in the Amethyst blog software, you can try out a demo or download it at the project page here:

 http://www.hulihanapplications.com/projects_amethyst.php

Enjoy!