Backbone.js & Rails
Backbone is a lightweight JavaScript framework
it separates different types of code
not MVC
* models
* templates (~ Rails views)
* views (~ Rails controllers)
JS Code Arrangement. Don't use Backbone.js from the start.
phase 1
first, use the Rails JavaScript helpers
it's awesome
phase 2: jQuery plugins
callback & callback...
-> it's hard to write tests
phase 3
Page object
$(function () {
  MyApp.ImagesNew.initialize();
});

function initialize() {
  // call each component's initialize from one place
  ~~.initialize();
  ~~.initialize();
  ~~.initialize();
}

phase 4: framework
Backbone.js is one of many frameworks
+ model mirroring
+ views that handle events
pattern first
Rails === API
first initialize the Backbone classes
create a NavBar by extending a Backbone object
var NavBar = Backbone.View.extend({
  className: '',             // value elided in the notes
  initialize: function () { /* ... */ },
  render: function () { /* ... */ }
});

var myApp = {};
myApp.navbar = new NavBar();

there was a lot of code that I could not completely understand...
Backbone works fine, but consider alternatives
converting an existing app to have more client-side behavior
CoffeeScript for Rubyists
book: Programming in CoffeeScript
Programming History...
PROGRESS... COBOL -> C -> Java -> CoffeeScript/Ruby?
Syntax
$ ->
  success = (data) ->
    if data.errors?
      # ... handle errors (elided in the notes)
    else
      # ...
  $.get '/user', success
- no semicolons
- no curly braces
  sometimes omitting braces causes a compile error
- no function keyword
- relaxed parentheses
- whitespace format
  withArg = (arg) ->
Condition
  something() if true
  something() unless true
Object
  someObject =
    conf: "rails"
    talk: "coffee script"
Range
  a = [1..100]
Heredocs
  html = """
    html code
  """
  console.log "Hello #{}"  <- CoffeeScript
splats: multiple argument handling
loops
  for key, value of object
  for someName in someArray
  doSomething(number) for number in numbers  <- one liner!!
Class
  class Employee extends ...
    constructor: (@options = {}) ->
      super
      @options.salary ?= "$55000"
  emp = new Employee()
  emp.firstName = "mark"
  salary ?= "$25000"
**Bound Functions**
  log = (callback) ->
    console.log # ...
    callback()
    console.log # ...
Existential Operator
  if foo?
  console?.log "foo"
  if currentUser?.firstName?
Mobile Rage
problem areas
  landing
  bottom read
  advertising
    don't use popups
  navigation
    enough white space
  forms
    for smartphones...
    text_field with :autocomplete => "off", :autocapitalize => "off"
    use url_field
    use phone_field
    use email_field
Progressive Enhancement on the Mobile Web
John Bender
Vagrant is awesome
Smart Phone Browsers
major browsers support
8 books
- markup: no JS -> JS
- history: hash -> state
  it optimizes for each browser
- toolbars: absolute -> fixed
- orientation
- tap vs click
  click includes scroll on smartphones..
Android is the new IE!
jQM on Rails
sample in johnbender's GitHub
- setup
  add viewport meta tag
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <%= stylesheet_link_tag %>
  <%= javascript_include_tag %>
  script jquery
  script jquery-mobile
  jquery-rails
  <div data-role="page">
  <div data-role="header">
  <body>
    <%= yield %>
  </body>
use layout partial
  <%= render :layout => 'shared/page', ... %>
application.js
  $(document).on("mobileinit", function () {
    $.mobile.ns = "foo-";
  });
Android back button..
  data-dom-cache="true"
debug
  include_tag debug/
  onLoadFailed event call
responsive design
asset pipeline
Securing your site
SQL Injection
  find with :conditions => params is dangerous!
  use find_by
  use where("email = ?", params[:email])
XSS
  cookies[:secure_cookie] = { :value => "...", :httponly => true, :secure => true }
  use raw only if you really want to output raw HTML
Session management
  rails session_store
  Rails.application.config.force_ssl = true
  allow logout (reset_session), timeout = 45.minutes
  account lockout
  no large objects in the session!!
Mass Assignment
  X User.create(params[:user])
  O User.create(user_params)
  def user_params
    params[:user].slice(:email)
  end
  in the model: attr_protected :admin
  or attr_accessible :email
Direct object reference
  find the user from the session first
  use user.notes.create...
  /users/:id/
  @user = User.find(session[:user_id])
  @user.notes.create ...
  @note.editable_by?(@user)
Redirection
  def login
    login_business
    redirect_to params[:form]
  end
  ↑ it has a security hole (open redirect)
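The open-redirect and mass-assignment fixes from these notes, written out as plain Ruby (an added example, not code from the talk); it assumes `params` is an ordinary Hash with string keys so it runs without Rails, and the allowed attribute names are made up.

```ruby
require 'uri'

# Added example, not code from the talk. Plain Ruby so it runs without
# Rails: `params` is assumed to be an ordinary Hash with string keys.

# Open redirect fix for `redirect_to params[:form]`: only accept a path on
# this site, otherwise fall back to a known-safe location.
def safe_redirect_target(candidate, fallback = '/')
  return fallback unless candidate.is_a?(String)
  # Must start with a single "/". A second "/" or a "\" would make it a
  # protocol-relative URL ("//other.host"), which browsers follow off-site.
  return fallback unless candidate.match?(%r{\A/(?![/\\])[^\s\\]*\z})
  begin
    uri = URI.parse(candidate)
  rescue URI::InvalidURIError
    return fallback
  end
  # The parser must agree that there is neither a scheme nor a host.
  return fallback if uri.scheme || uri.host
  candidate
end

# Mass assignment fix for `User.create(params[:user])`: build the attribute
# hash from an explicit allow-list, so a posted "admin" key is dropped.
# (The allowed attribute names are assumed for this example.)
ALLOWED_USER_ATTRS = %w[email name].freeze

def user_params(params)
  user = params['user']
  return {} unless user.is_a?(Hash)
  user.slice(*ALLOWED_USER_ATTRS)
end
```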
- sanitise file names
  def cleanup_filename ...
- sanitise file type: validates_attachment :content_type => ...
process asynchronously
Resources
guides.rubyonrails.org/security.html
www.rorsecurity.info
brakemanscanner.org
github.com/relevance/tarantula
www.owasp.org