automatic import from ryanb/railscasts-episodes

README

@@ -0,0 +1,9 @@
+Railscasts Episode #204: XSS Protection in Rails 3
+
+http://railscasts.com/episodes/204
+
+Commands
+  rails c
+  "foo".html_safe?
+  safe = "safe".html_safe
+  safe.html_safe?

blog/.gitignore

@@ -0,0 +1,4 @@
+.bundle
+db/*.sqlite3
+log/*.log
+tmp/**/*

blog/Gemfile

@@ -0,0 +1,24 @@
+# Edit this Gemfile to bundle your application's dependencies.
+source 'http://gemcutter.org'
+
+
+gem "rails", "3.0.0.beta"
+
+## Bundle edge rails:
+# gem "rails", :git => "git://github.com/rails/rails.git"
+
+# ActiveRecord requires a database adapter. By default,
+# Rails has selected sqlite3.
+gem "sqlite3-ruby", :require => "sqlite3"
+
+## Bundle the gems you use:
+# gem "bj"
+# gem "hpricot", "0.6"
+# gem "sqlite3-ruby", :require => "sqlite3"
+# gem "aws-s3", :require => "aws/s3"
+
+## Bundle gems used only in certain environments:
+# gem "rspec", :group => :test
+# group :test do
+#   gem "webrat"
+# end

blog/README

@@ -0,0 +1 @@
+Railscasts example application.

blog/Rakefile

@@ -0,0 +1,10 @@
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require File.expand_path('../config/application', __FILE__)
+
+require 'rake'
+require 'rake/testtask'
+require 'rake/rdoctask'
+
+Rails::Application.load_tasks

blog/app/controllers/application_controller.rb

@@ -0,0 +1,3 @@
+class ApplicationController < ActionController::Base
+  protect_from_forgery
+end

blog/app/controllers/articles_controller.rb

@@ -0,0 +1,45 @@
+class ArticlesController < ApplicationController
+  def index
+    @articles = Article.all
+  end
+
+  def show
+    @article = Article.find(params[:id])
+    @comment = Comment.new(:article => @article)
+  end
+
+  def new
+    @article = Article.new
+  end
+
+  def create
+    @article = Article.new(params[:article])
+    if @article.save
+      flash[:notice] = "Successfully created article."
+      redirect_to @article
+    else
+      render :action => 'new'
+    end
+  end
+
+  def edit
+    @article = Article.find(params[:id])
+  end
+
+  def update
+    @article = Article.find(params[:id])
+    if @article.update_attributes(params[:article])
+      flash[:notice] = "Successfully updated article."
+      redirect_to @article
+    else
+      render :action => 'edit'
+    end
+  end
+
+  def destroy
+    @article = Article.find(params[:id])
+    @article.destroy
+    flash[:notice] = "Successfully destroyed article."
+    redirect_to articles_url
+  end
+end

blog/app/controllers/comments_controller.rb

@@ -0,0 +1,44 @@
+class CommentsController < ApplicationController
+  def index
+    @comments = Comment.all
+  end
+
+  def show
+    @comment = Comment.find(params[:id])
+  end
+
+  def new
+    @comment = Comment.new
+  end
+
+  def create
+    @comment = Comment.new(params[:comment])
+    if @comment.save
+      flash[:notice] = "Successfully created comment."
+      redirect_to article_url(@comment.article_id)
+    else
+      render :action => 'new'
+    end
+  end
+
+  def edit
+    @comment = Comment.find(params[:id])
+  end
+
+  def update
+    @comment = Comment.find(params[:id])
+    if @comment.update_attributes(params[:comment])
+      flash[:notice] = "Successfully updated comment."
+      redirect_to @comment
+    else
+      render :action => 'edit'
+    end
+  end
+
+  def destroy
+    @comment = Comment.find(params[:id])
+    @comment.destroy
+    flash[:notice] = "Successfully destroyed comment."
+    redirect_to comments_url
+  end
+end

blog/app/helpers/application_helper.rb

@@ -0,0 +1,5 @@
+module ApplicationHelper
+  def strong(content)
+    "<strong>#{h(content)}</strong>".html_safe
+  end
+end

blog/app/helpers/articles_helper.rb

@@ -0,0 +1,2 @@
+module ArticlesHelper
+end

blog/app/helpers/comments_helper.rb

@@ -0,0 +1,2 @@
+module CommentsHelper
+end

blog/app/helpers/layout_helper.rb

@@ -0,0 +1,22 @@
+# These helper methods can be called in your template to set variables to be used in the layout
+# This module should be included in all views globally,
+# to do so you may need to add this line to your ApplicationController
+#   helper :layout
+module LayoutHelper
+  def title(page_title, show_title = true)
+    @_content_for[:title] = page_title.to_s
+    @show_title = show_title
+  end
+
+  def show_title?
+    @show_title
+  end
+
+  def stylesheet(*args)
+    content_for(:head) { stylesheet_link_tag(*args) }
+  end
+
+  def javascript(*args)
+    content_for(:head) { javascript_include_tag(*args) }
+  end
+end

blog/app/models/article.rb

@@ -0,0 +1,3 @@
+class Article < ActiveRecord::Base
+  has_many :comments
+end

blog/app/models/comment.rb

@@ -0,0 +1,3 @@
+class Comment < ActiveRecord::Base
+  belongs_to :article
+end

blog/app/views/articles/_form.html.erb

@@ -0,0 +1,12 @@
+<% form_for @article do |f| %>
+  <%= f.error_messages %>
+  <p>
+    <%= f.label :name %><br />
+    <%= f.text_field :name %>
+  </p>
+  <p>
+    <%= f.label :content %><br />
+    <%= f.text_area :content %>
+  </p>
+  <p><%= f.submit "Submit" %></p>
+<% end %>

blog/app/views/articles/edit.html.erb

@@ -0,0 +1,8 @@
+<% title "Edit Article" %>
+
+<%= render 'form' %>
+
+<p>
+  <%= link_to "Show", @article %> |
+  <%= link_to "View All", articles_path %>
+</p>

blog/app/views/articles/index.html.erb

@@ -0,0 +1,11 @@
+<% title "Articles" %>
+
+<div id="articles">
+<% for article in @articles %>
+  <h2>
+    <%= link_to article.name, article %>
+    <span class="comments">(<%= pluralize(article.comments.size, 'comment') %>)</span>
+  </h2>
+  <div class="content"><%= article.content %></div>
+<% end %>
+</div>

blog/app/views/articles/new.html.erb

@@ -0,0 +1,5 @@
+<% title "New Article" %>
+
+<%= render 'form' %>
+
+<p><%= link_to "Back to List", articles_path %></p>

blog/app/views/articles/show.html.erb

@@ -0,0 +1,18 @@
+<% title @article.name %>
+
+<p class="author"><em>from <%= @article.name %></em></p>
+
+<%= @article.content %>
+
+<p><%= link_to "Back to Articles", articles_path %></p>
+
+<% unless @article.comments.empty? %>
+  <h2><%= pluralize(@article.comments.size, 'comment') %></h2>
+
+  <div id="comments">
+  <%= render @article.comments %>
+  </div>
+<% end %>
+
+<h3>Add your comment:</h3>
+<%= render :partial => 'comments/form' %>

blog/app/views/comments/_comment.html.erb

@@ -0,0 +1,4 @@
+<div class="comment">
+  <%= strong link_to(comment.name, comment.url) %>
+  <p><%= comment.content %></p>
+</div>

blog/app/views/comments/_form.html.erb

@@ -0,0 +1,17 @@
+<% form_for @comment do |f| %>
+  <%= f.error_messages %>
+  <%= f.hidden_field :article_id %>
+  <p>
+    <%= f.label :name %><br />
+    <%= f.text_field :name %>
+  </p>
+  <p>
+    <%= f.label :url, 'Website URL' %><br />
+    <%= f.text_field :url %>
+  </p>
+  <p>
+    <%= f.label :content, "Comment" %><br />
+    <%= f.text_area :content, :rows => 12, :cols => 35 %>
+  </p>
+  <p><%= f.submit "Submit" %></p>
+<% end %>

blog/app/views/comments/edit.html.erb

@@ -0,0 +1,8 @@
+<% title "Edit Comment" %>
+
+<%= render 'form' %>
+
+<p>
+  <%= link_to "Show", @comment %> |
+  <%= link_to "View All", comments_path %>
+</p>

blog/app/views/comments/index.html.erb

@@ -0,0 +1,21 @@
+<% title "Comments" %>
+
+<table>
+  <tr>
+    <th>Name</th>
+    <th>URL</th>
+    <th>Content</th>
+  </tr>
+  <% for comment in @comments %>
+    <tr>
+      <td><%= comment.name %></td>
+      <td><%= comment.url %></td>
+      <td><%= comment.content %></td>
+      <td><%= link_to "Show", comment %></td>
+      <td><%= link_to "Edit", edit_comment_path(comment) %></td>
+      <td><%= link_to "Destroy", comment, :confirm => 'Are you sure?', :method => :delete %></td>
+    </tr>
+  <% end %>
+</table>
+
+<p><%= link_to "New Comment", new_comment_path %></p>

blog/app/views/comments/new.html.erb

@@ -0,0 +1,5 @@
+<% title "New Comment" %>
+
+<%= render 'form' %>
+
+<p><%= link_to "Back to List", comments_path %></p>

blog/app/views/comments/show.html.erb

@@ -0,0 +1,20 @@
+<% title "Comment" %>
+
+<p>
+  <strong>Name:</strong>
+  <%= @comment.name %>
+</p>
+<p>
+  <strong>URL:</strong>
+  <%= @comment.url %>
+</p>
+<p>
+  <strong>Content:</strong>
+  <%= @comment.content %>
+</p>
+
+<p>
+  <%= link_to "Edit", edit_comment_path(@comment) %> |
+  <%= link_to "Destroy", @comment, :confirm => 'Are you sure?', :method => :delete %> |
+  <%= link_to "View All", comments_path %>
+</p>

blog/app/views/layouts/application.html.erb

@@ -0,0 +1,22 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html>
+  <head>
+    <title><%= h(yield(:title) || "Untitled") %></title>
+    <%= stylesheet_link_tag 'application' %>
+    <%= yield(:head) %>
+  </head>
+  <body>
+    <div id="container">
+      <%- flash.each do |name, msg| -%>
+        <%= content_tag :div, msg, :id => "flash_#{name}" %>
+      <%- end -%>
+      
+      <%- if show_title? -%>
+        <h1><%=h yield(:title) %></h1>
+      <%- end -%>
+      
+      <%= yield %>
+    </div>
+  </body>
+</html>

blog/config.ru

@@ -0,0 +1,4 @@
+# This file is used by Rack-based servers to start the application.
+
+require ::File.expand_path('../config/environment',  __FILE__)
+run Blog::Application