bgror

BetterFavicon for Google »

Created at: 13.01.2009 00:27, source: Robby on Rails, tagged: Off-Topic programming firefox google greasemonkey javascript

Not loving Google’s new favicon too much?

Check out my quick and dirty hack… BetterFavicon for Firefox. (greasemonkey required)

Install it here: http://userscripts.org/scripts/show/40367

Enjoy!

Allowing custom CSS in your app »

Created at: 31.12.2008 23:33, source: caboose - blog.caboo.se Home, tagged: javascript rails ruby

There are a number of good reasons why you don't want your users providing their own CSS (for example, when theming their site). These are: taste (see: myspace) and security.

The former is pretty much your users' problem. The pages don't have to look terrible -- and in fact Myspace charges a LOT of money to do those custom movie or band pages (it's part of the service when you buy their primo ad space).

The latter, well, as it turns out there are a bunch of security vulnerabilities exposed in CSS. While these are mainly in IE, related to expressions (you can run javascript from your CSS). This means that users can steal others' sessions. So, while there are some excellent perl libraries out there for this, there hasn't been one for ruby -- until now! (at least that I could find).

So, here's my first attempt.

css_file_sanitize (github)

I stole most of the tests from LiveJournal's css sanitizing library, and rewrote the implementation in Ruby. I'd love to hear your collective feedback. It's a really lazy plugin; in fact, while it does have tests, you're best to just include the module in your model. This is a case of "it works on my machine" so send your patches!