Evan Lecklider evanleck
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * English language translations for use in JavaScript. | |
| */ | |
| (function(window, undefined) { | |
| if (window.locales === undefined) { | |
| window.locales = {}; | |
| } | |
| window.locales.en = { | |
| forms: { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //= require locales/en.js | |
| //= require locales/es.js | |
| /* | |
| * Set a global variable `i18n` that contains the current localization strings. | |
| * Locale files create simple objects, we just map it in based on the 'lang' attribute | |
| * of the HTML node. | |
| */ | |
| (function(window, undefined) { | |
| var currentLocale = window.document.documentElement.lang, | |
| generalLocale = currentLocale.split('-')[0], |
evanleck
/ sinatra.rb
Created
December 1, 2015 22:02
Cross-Site Request Forgery Prevention in Sinatra
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| before do | |
| session[:csrf] ||= SecureRandom.hex(32) | |
| response.set_cookie 'authenticity_token', { | |
| value: session[:csrf], | |
| expires: Time.now + (60 * 60 * 24 * 180), # that's 180 days | |
| path: '/', | |
| httponly: true | |
| # secure: true # if you have HTTPS (and you should) then enable this |
evanleck
/ csrf.coffee
Created
December 1, 2015 22:01
Cross-Site Request Forgery Prevention in Sinatra
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $(document).on 'submit', 'form', -> | |
| form = $(this) | |
| method = form.attr('method').toUpperCase() | |
| token = $('meta[name=csrf-token]').attr('content') | |
| # add the CSRF token as a hidden input to the form | |
| if method? and method isnt 'GET' | |
| form.prepend $('<input>', name: '_csrf', type: 'hidden', value: token) |
evanleck
/ layout.erb
Created
December 1, 2015 22:00
Cross-Site Request Forgery Prevention in Sinatra
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <meta name='csrf-token' content='<%= session[:csrf] %>'> |
evanleck
/ validationMessageFor.js
Created
December 1, 2015 21:56
Customizing Native Form Validation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Determine the best message to return based on validity state. | |
| */ | |
| var validationMessageFor = function(element) { | |
| var name = element.nodeName, | |
| type = element.type, | |
| /* Custom, reused messages. */ | |
| emailMessage = "Please enter a valid email address."; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var validateForm = function(submitEvent) { | |
| if (!submitEvent.target.checkValidity()) { | |
| /* Seriously, hold everything. */ | |
| submitEvent.preventDefault(); | |
| submitEvent.stopImmediatePropagation(); | |
| submitEvent.stopPropagation(); | |
| var form = submitEvent.target, | |
| elements = form.elements; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var message = element.validationMessage, | |
| parent = element.parentNode, | |
| div = document.createElement('div'); | |
| /* Add our message to a div with class 'validation-message' */ | |
| div.appendChild(document.createTextNode(message)); | |
| div.classList.add('validation-message'); | |
| /* Add our error message just after element. */ | |
| parent.insertBefore(div, element.nextSibling); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var form = submitEvent.target, | |
| elements = form.elements; | |
| /* Loop through the elements, looking for an invalid one. */ | |
| for (var index = 0, len = elements.length; index < len; index++) { | |
| var element = elements[index]; | |
| if (element.willValidate === true && element.validity.valid !== true) { | |
| /* element is invalid, let's do something! */ | |
| /* break from our loop */ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| if (!submitEvent.target.checkValidity()) { | |
| /* oh noes! */ | |
| } else { | |
| return true; /* everything's cool, the form is valid! */ | |
| } |