Use Rails’ APIs to Generate Markup
Learn about Rails APIs and how they generate markups.
We'll cover the following
Issues with the current view
The view is a magnet for security issues because it’s code that gets executed in the user’s browser and not on our servers. The OWASP Top Ten is a list of the ten most problematic security risks for a web application. Several of these vulnerabilities can be exploited by allowing unsafe content to be sent to a user’s browser in HTML, CSS, or JavaScript.
When we just use HTML templates, Rails does a great job of preventing these problems. If a user creates a Widget named <strong>HACKED</strong> Stembolts
, Rails would escape those <strong>
tags so the browser doesn’t render them.
Generating markups
Problems can occur when we generate markup in Ruby code, which is often what our helpers (or presenter methods) need to do. For example, we could’ve implemented our styled_widget_id
helper like so:
Get hands-on with 1200+ tech skills courses.