Bummer! This is just a preview. You need to be signed in with a Basic account to view the entire video.
Summary1:10 with Jay McGavren
You've just built a Sinatra app completely from scratch. Let's review all the concepts we had to learn to get here.
Sinatra has lots more functionality than we can cover in this course. You can learn more on the official Sinatra site.
Because we include the contents of a text file into the
We can prevent this by escaping any HTML code that appears in a page's content - replacing characters that would normally be treated as HTML markup with entities that are shown in the browser instead. For example, the above malicious code would look like this when it's escaped:
But it would look exactly like the original code when viewed in a browser. (It just wouldn't be executed or treated as markup.)
To escape any HTML that might appear in a string, we can call the
Rack::Utils.escape_html method on that string. We can add a method at the top of the
wiki.rb file that does this:
def escape(string) Rack::Utils.escape_html(string) end
Rack::Utils library gets loaded when Sinatra does, so we don't need to
require it or anything.
Now that our new
escape method is defined within
wiki.rb, we can call it within the
show.erb template. We can replace this line:
<p><%= @content %></p>
<p><%= escape @content %></p>
It's generally a good idea to assume that users may enter malicious data into any form you provide to them. Escaping HTML is just one of many techniques developers use to limit the harm that can be done.
Looking to practice what you've learned? Here are some project ideas.
- In the wiki app, add a list of all the available wiki pages. The
Dirclass from Ruby core has an
eachmethod that will let you get a list of all the files in the
pages/subdirectory; you can use those to build clickable links.
- See if you can replicate the guestbook app from this course's code challenges. Add a feature to view a list of all the signatures, then give users the ability to create, update, or delete signatures.
Nice work, you've just built a Sinatra app completely from scratch.
You've learned a lot to get here.
HTTP, GET, POST, PUT and DELETE requests, the paths each request includes,
using those request types and paths to set up Sinatra routes,
embedding data in the ERB templates, using URL and
form parameters to save data, serving static files including CSS style sheets,
and using ERB layouts to get rid of duplicated template code.
Compared to Ruby on Rails, Sinatra is a much simpler framework.
You already know most of the things Sinatra can do.
But remember, practice is essential to making your learning stick.
Be sure to check the teacher's notes for
project ideas as well as resources where you can learn even more.
Also, bear in mind that our first step is a little rough around the edges.
To keep things simple in this introductory course,
we haven't talked much about security.
See the teacher's notes for info on some security issues you should be
aware of before deploying an app like this into the wild.
But you're off to a great start, HTML is great on its own, but
when you combine it with Ruby, you've got the power to make amazing web apps.
I can't wait to see what you create.
You need to sign up for Treehouse in order to download course files.Sign up