王筝's Blog
Learning Ruby

 

http://api.rubyonrails.org/classes/ActionView/Template.html#method-i-local_assigns

 

Returns a hash with the defined local variables.

Given this sub template rendering:

<%= render "shared/header", { headline: "Welcome", person: person } %>
You can use local_assigns in the sub templates to access the local variables:

local_assigns[:headline] # => "Welcome"

 

 

 

current_index = local_assigns[:index] || default_index
from = (local_assigns[:from] || default_from) + ["#{current_index}:#{component.name}"]
version = :v4

 

json.array! component.get_parts_in_order(@status).each_with_index.to_a do |part, index|
  json.partial! 'api/v2/components/component', component: part, from: from, index: index
end

 

 

 

http://api.rubyonrails.org/classes/Array.html#method-i-second

 

[27] pry(main)> list = ["a", "b", "c", "d"]
=> ["a", "b", "c", "d"]
[28] pry(main)> list.first
=> "a"
[29] pry(main)> list.second
=> "b"
[30] pry(main)> list.third
=> "c"
[32] pry(main)> list.second_to_last
=> "c"

 

 

 

The SanitizeHelper module provides a set of methods for scrubbing text of undesired HTML elements. These helper methods extend Action View making them callable within your template files.

Only the tags and attributes specified in the sanitize call are output to the page, which prevents injection.

 

sanitize(html, options = {})

 

Sanitizes HTML input, stripping all tags and attributes that aren’t whitelisted.

It also strips href/src attributes with unsafe protocols like javascript:, while also protecting against attempts to use Unicode, ASCII, and hex character references to work around these protocol filters.

The default sanitizer is Rails::Html::WhiteListSanitizer. See Rails HTML Sanitizers for more information.

Custom sanitization rules can also be provided.

Please note that sanitizing user-provided text does not guarantee that the resulting markup is valid or even well-formed. For example, the output may still contain unescaped characters like <, >, or &.

  • :tags – An array of allowed tags.
  • :attributes – An array of allowed attributes.
  • :scrubber – A Rails::Html scrubber or Loofah::Scrubber object that defines custom sanitization rules. A custom scrubber takes precedence over custom tags and attributes.

 

module AnnouncementsHelper
  def safe_content(content)
    sanitize(content, tags: %w(b br))
  end
end

 

 

<p>
  <strong><%= t 'content' %></strong>
  <%= safe_content @announcement.content %>
</p>

 

 

http://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html

 

  def search
    @videos = Video.where("videoid LIKE ? or title LIKE ?", "%#{params[:q]}%", "%#{params[:q]}%")

    render :index
  end 
Using the hash (named placeholder) form:
  def search
    @videos = Video.where("videoid LIKE :q or title LIKE :q", q: "%#{params[:q]}%")

    render :index
  end
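
Both forms above bind `params[:q]` as a query parameter, which keeps it out of the SQL text, but `%` and `_` inside the value are still interpreted as LIKE wildcards. The following is an added example, not code from the original post: it shows that effect and the escaping that removes it in plain Ruby. `escape_like`, `like_to_regexp`, `search` and `TITLES` are hypothetical names, and the LIKE matcher is a simplified model that assumes `\` is the escape character.

```ruby
# Escape LIKE metacharacters in user input (assumed escape character: "\").
# Same idea as ActiveRecord's sanitize_sql_like; this is a stand-alone stand-in.
def escape_like(term, escape_char = "\\")
  term.gsub(Regexp.union(escape_char, "%", "_")) { |m| escape_char + m }
end

# Simplified model of SQL LIKE so the result can be checked without a
# database: translate a LIKE pattern into an anchored Regexp.
def like_to_regexp(pattern, escape_char = "\\")
  out = +""
  chars = pattern.chars
  i = 0
  while i < chars.length
    c = chars[i]
    if c == escape_char && i + 1 < chars.length
      out << Regexp.escape(chars[i + 1]) # escaped character is a literal
      i += 1
    elsif c == "%"
      out << ".*"                        # any run of characters
    elsif c == "_"
      out << "."                         # exactly one character
    else
      out << Regexp.escape(c)
    end
    i += 1
  end
  Regexp.new("\\A#{out}\\z", Regexp::MULTILINE)
end

# Models: WHERE title LIKE :q  with  q = "%#{term}%"
def search(titles, q, escape: true)
  term = escape ? escape_like(q) : q
  titles.select { |t| t.match?(like_to_regexp("%#{term}%")) }
end

# Constructed sample data
TITLES = ["100% ruby", "rails_guide", "railsXguide", "pry tips"]

p search(TITLES, "%", escape: false)           # wildcard: every row matches
p search(TITLES, "%", escape: true)            # literal percent sign only
p search(TITLES, "rails_guide", escape: false) # "_" matches any character
p search(TITLES, "rails_guide", escape: true)  # exact title only
```

In a Rails application the same escaping is available as `ActiveRecord::Base.sanitize_sql_like`, applied to `params[:q]` before the surrounding `%` are added. Whether `\` acts as the escape character without an explicit `ESCAPE` clause depends on the database.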

 

 

 

$ ssh -v wangz@gitlab.alibaxx-inc.com

$ git remote set-url ali git@gitlab.alibaxx-inc.com:youk-aaa/xxx.git