Tools you should be using now if you aren't already
January 2nd, 2008
I have run across some great tools for developing Rails apps that you should be adding to your toolkit if you haven't already.
- Safe ERB: This tool will help you safeguard your application against cross-site scripting attacks. It raises an error any time you try to render an object without the h() or html_escape() methods in place. Keep in mind that you should only use this if you are starting a new project or have a very good set of tests that cover everything in your app. This will raise errors, so if neither of those situations is yours, keep away from this project if you want to keep your sanity.
- Spider Test: I just recently found this plugin while searching for ways to do integration testing that would hit every link in the application. This plugin goes a step further, though. Every time it finds a form, it will mutate the form inputs and try to cause errors by throwing crazy data at it. I plan on helping out this project quite a bit when I can because it's really an awesome tool that will make your integration testing life a whole lot easier.
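The behaviour described for Safe ERB, an error whenever untrusted data is rendered without h(), can be modelled with stock ERB. This is an added example, not Safe ERB's code: the `Untrusted` wrapper, `render`, `renders_raw?`, `unsafe_templates` and the sample templates are hypothetical names and constructed data.

```ruby
require "erb"

# Raised when a template prints untrusted data without escaping it.
class UnescapedOutputError < StandardError; end

# Hypothetical wrapper for request-derived values. ERB calls #to_s on the
# result of every <%= ... %> tag, so refusing #to_s makes raw output fail.
class Untrusted
  def initialize(raw)
    @raw = raw.to_s
  end

  def to_s
    raise UnescapedOutputError, "untrusted value rendered without h()"
  end

  # The only way to get text out of the wrapper is HTML-escaped.
  def escaped
    ERB::Util.html_escape(@raw)
  end
end

# Stand-in for the h() helper named in the post.
def h(value)
  value.is_a?(Untrusted) ? value.escaped : ERB::Util.html_escape(value)
end

# Render a template with local variables taken from a hash.
def render(template, locals)
  ERB.new(template).result_with_hash(locals)
end

# True when the template prints an untrusted value without escaping it.
def renders_raw?(source, locals)
  render(source, locals)
  false
rescue UnescapedOutputError
  true
end

# Names of the templates a test suite would have to fix.
def unsafe_templates(templates, locals)
  templates.select { |_name, src| renders_raw?(src, locals) }.keys
end

# Constructed sample data: two views and one hostile parameter.
SAMPLE_TEMPLATES = {
  "profile" => "<h1><%= name %></h1>",
  "comment" => "<p><%= h(name) %> wrote:</p>"
}
SAMPLE_LOCALS = { name: Untrusted.new("<script>alert(1)</script>") }
```

Running `unsafe_templates` over every view in a test run shows why the post ties this approach to good test coverage: a view that is never rendered in tests fails for the first time in production.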
2 Responses to “Tools you should be using now if you aren't already”
Am I the only one who does not get why in the hell Rails doesn't just 'h' things by default? I've always wondered that. Thanks for the spider test. Will have to try it out. -Joe
January 2nd, 2008 at 04:01 PM
We struggled with that same question. We even thought about patching ERB so that it did that by default. The only problem is that since the Rails core has gone the path they did, changing it now would break a lot of people's applications, so it's pretty much a bust. Looks like they should have taken a page out of the Django book and done it right in the first place.
January 3rd, 2008 at 05:44 AM