Use Rails’ APIs to Generate Markup

Learn about Rails APIs and how they generate markups.

We'll cover the following

Issues with the current view
Generating markups

Issues with the current view

The view is a magnet for security issues because it’s code that gets executed in the user’s browser and not on our servers. The OWASP Top Ten is a list of the ten most problematic security risks for a web application. Several of these vulnerabilities can be exploited by allowing unsafe content to be sent to a user’s browser in HTML, CSS, or JavaScript.

When we just use HTML templates, Rails does a great job of preventing these problems. If a user creates a Widget named <strong>HACKED</strong> Stembolts, Rails would escape those <strong> tags so the browser doesn’t render them.

Generating markups

Problems can occur when we generate markup in Ruby code, which is often what our helpers (or presenter methods) need to do. For example, we could’ve implemented our styled_widget_id helper like so:

Get hands-on with 1200+ tech skills courses.

Prologue

Getting Started

The Rails Application Architecture

Start Our App Off Right

Business Logic

Routes and URLs

HTML Templates

Helpers

CSS

Minimize JavaScript

Carefully Manage the JavaScript We Need

Testing the View

Models I

The Database

Business Logic Code is a Seam

Models II

End-to-End Testing

Controllers

Jobs

Other Boundary Classes

Authentication and Authorization beyond Rails

API Endpoints

Sustainable Process and Workflows

Operations

Conclusion

Appendices

Use Rails’ APIs to Generate Markup

Issues with the current view

Generating markups