...

Use Rails’ APIs to Generate Markup

Learn about Rails’ APIs and how they generate markup.

Issues with the current view

The view is a magnet for security issues because it’s code that gets executed in the user’s browser and not on our servers. The OWASP Top Ten is a list of the ten most problematic security risks for a web application. Several of these vulnerabilities can be exploited by allowing unsafe content to be sent to a user’s browser in HTML, CSS, or JavaScript.

When we just use HTML templates, Rails does a great job of preventing these problems. If a user creates a Widget named <strong>HACKED</strong> Stembolts, Rails would escape those <strong> tags so the browser doesn’t ...
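To see the escaping described above in isolation, here is an added example (not from the original lesson) that uses plain ERB from Ruby's standard library as a stand-in for a Rails template: `ERB::Util.html_escape` is the same helper Rails' `<%= %>` applies to any string that is not marked `html_safe`, and the "unsafe" renderer stands in for bypassing it with `raw` or `html_safe`. The widget name and the check function are constructed for this example.

```ruby
require "erb"

# Constructed sample: a widget name carrying markup, as in the lesson text.
WIDGET_NAME = "<strong>HACKED</strong> Stembolts"

# Safe rendering: explicitly escape the user-controlled value, which is what a
# Rails template does by default for any string that is not html_safe.
def render_widget_name_safely(name)
  ERB.new("<h1><%= ERB::Util.html_escape(name) %></h1>").result(binding)
end

# Unsafe rendering: interpolate the value verbatim, mirroring what raw/html_safe
# would do in Rails. The user's tags reach the browser as real markup.
def render_widget_name_unsafely(name)
  ERB.new("<h1><%= name %></h1>").result(binding)
end

# Defensive check (constructed for this example): after stripping the template's
# own <h1> wrapper, does any tag-like sequence remain in the rendered output?
def contains_injected_markup?(html)
  html.gsub(%r{</?h1>}, "").match?(/<[a-z]/i)
end

if __FILE__ == $PROGRAM_NAME
  puts render_widget_name_safely(WIDGET_NAME)
  puts render_widget_name_unsafely(WIDGET_NAME)
end
```

Run as a script to see the escaped output (`&lt;strong&gt;...`) next to the raw one; the check function shows how the unescaped version would let user markup through.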