Notes posted by kieran

November 5, 2008 - (v1.0.0 - v2.1.0)
1 thank

james' note incorrect

The render method in ActionMailer is in fact a private method, in all versions (including the new Rails 2.2).

However, spectator's note about @template works well. Thanks.

July 28, 2008 - (<= v2.1.0)
0 thanks

Bug that causes escape buildup

There is a bug in this method that causes an escape buildup when you have, for example, links or image URLs with ampersands in them. Over time, it goes something like this:

& -> &amp; -> &amp;amp; -> &amp;amp;amp; -> &amp;amp;amp;amp; -> etc

This breaks the url so links and images are not clickable/viewable. To fix, simply unescape before you reescape. Works like a charm. We have the following in an initializer, “html_sanitizer_patch.rb”, that fixes this behaviour.

module HTML
  class WhiteListSanitizer < Sanitizer
    protected
    def process_attributes_for(node, options)
      return unless node.attributes
      node.attributes.keys.each do |attr_name|
        value = node.attributes[attr_name].to_s
        if !options[:attributes].include?(attr_name) || contains_bad_protocols?(attr_name, value)
          node.attributes.delete(attr_name)
        else
          # Unescape before re-escaping so an already-escaped value is not escaped again.
          node.attributes[attr_name] = attr_name == 'style' ? sanitize_css(value) : CGI::escapeHTML(CGI::unescapeHTML(value))
        end
      end
    end
  end
end
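
The escape buildup described in the note above, and the effect of unescaping before re-escaping, as an added stand-alone example (not part of the original note and not Rails code). The helper names and the sample URL are constructed for illustration; only `CGI.escapeHTML` and `CGI.unescapeHTML` come from Ruby's standard library.

```ruby
require 'cgi'

# Behaviour described in the note: the attribute value is escaped on every
# pass, so an already-escaped "&amp;" gains another "amp;" each time.
def escape_only(value)
  CGI.escapeHTML(value)
end

# The note's fix: unescape first, then escape. Escaping a fully unescaped
# value always yields the same result, so repeated passes are stable.
def unescape_then_escape(value)
  CGI.escapeHTML(CGI.unescapeHTML(value))
end

# Feed the output of each pass back in as the next input, as happens when
# stored markup is sanitized again on every save. Returns every
# intermediate value.
def run_passes(value, passes)
  (1..passes).map { value = yield(value) }
end

SAMPLE_URL = 'http://example.test/img?a=1&b=2' # constructed sample value

if __FILE__ == $PROGRAM_NAME
  puts 'escape only:'
  puts run_passes(SAMPLE_URL, 3) { |v| escape_only(v) }

  puts 'unescape, then escape:'
  puts run_passes(SAMPLE_URL, 3) { |v| unescape_then_escape(v) }

  # The fix must not weaken the sanitizer: a quote still comes out encoded
  # whether it arrived raw or already entity-encoded.
  puts unescape_then_escape('x" title="y')
  puts unescape_then_escape('x&quot; title=&quot;y')
end
```
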

July 28, 2008 - (<= v2.1.0)
0 thanks

Bug that looks for "500 .html" rather than "500.html"

There is a very small bug in this method of Rails that causes error pages you change in public/ not to be shown, because Rails looks for “404 .html” and “500 .html” (note the space). The fix is simple.

#{status.to_s[0..3]}

needs to become

#{status.to_s[0...3]}

If you’re like me and don’t want to edit Rails itself, at the bottom of environment.rb, stick some code that overwrites this method to fix the bug. We have the following:

module ActionController
  class Dispatcher
    class << self
      private
        def failsafe_response_body(status)
          error_path = "#{error_file_path}/#{status.to_s[0...3]}.html"
          if File.exist?(error_path)
            File.read(error_path)
          else
            "<html><body><h1>#{status}</h1></body></html>"
          end
        end
    end
  end
end