JavaScript code on rails console - javascript

I use binding.pry in somewhere in Cabypara code for debugging, and i want to check the value of html element using jQuery.
I can't use debugger, then check the value from browser, because this code is Cabybara code for testing as example:
When /^(?:|I )select "([^"]*)" from "([^"]*)"$/ do |value, field|
select(value, :from => field)
binding.pry
end
How can i check the value of this field by jQuery code as $("##{field}").val() on rails console ?

This answer depends on #apneadiving's comment:
Rails console used for server side only, not for client side, these helper links:
Ruby-on-Rails is server side.
Rails console is useful for testing out quick ideas with code and changing data server-side without touching the website.

You can call binding.pry while Rails is rendering your view, even in the javascript portion of the view.
This is not going to give you access to the the client side code. Like #apneadiving and #mohamed-yakout stated you can't access the client from the server, but it can give the the access to all of the server side information that is available at that moment in the rendering process.
erb:
<script>
// some javascript...
"<% binding.pry %>"
</script>
// Note: You can not do this from `.js` files that are assets of the view without
// adding the `.erb` extension to the javascript files.
This may be helpful in checking values being utilized by JQuery or Javascript and verifying that they are being built correctly at this step in the process. Ex: verifying the collection being used to generate the rows of a table
In your case you could verify the value of field, but not the value of the element found by the id being passed by the field variable.
$("##{field}").val()
This can be helpful when the result of "##{field}" is giving an #unexpected result instead of an #expected one, since you can't access the server side code from the client to determine the rendering problem.
Note: This translates to Slim as well
javascript:
// some javascript...
"#{binding.pry}"

Related

Can my JavaScript code be edited at runtime by (malicious) users?

Can my JavaScript code be edited at runtime by (malicious) users, even when it is uploaded in a web hosting site?
For example if I declare a variable in my script something like:
var myvalue = 2;
I want to know if it can be edited to:
var myvalue = 1;
Short answer: yes.
Anyone can open the browser's Developer Tools and change values, execute arbitrary code, remove or change or edit anything they like.
So if there is anything crucial in your application where an invalid value could cause a security or data validation issue, then, if that data (or data which is derived using that value) is submitted to the server, it must be re-validated using server-side code (which of course cannot be changed) before being accepted.
P.S. Bear in mind that any edits to the code or variable values will only persist until the next time the page is re-loaded. When the page is refreshed, the JavaScript and HTML files will be downloaded again from the server and all code and variable values are reset to their starting state. Assuming there are no other security vulnerabilities in your server, then a malicious user cannot edit the original source code files which are stored there. They can only change the copy which gets loaded into the browser.

Get data access from a website that is developed in AngularJS

I want to create a php app that will check ticket status from FIFA page that is created in angular js.
I tried to get data by using PHP, PHP curl Method, PHP file_get_content(), Jquery, and Javascript but all the time i got empty array.
hopefully there will some restrictions from angular js and server. link is given below please help me to check data from website.
https://tickets.fifa.com/Services/ADService.html?lang=en
You are talking about screen-scraping. Screen-scraping is a fragile solution because if they change the HTML for their page then your application will break.
That said, in your case the reason you got an empty array is because that site's webserver prevents screen-scraping. If you'd checked your php error log you would have seen a 403 forbidden error.
Simply put.. FIFA does not want their data to be stolen and used for purposes other than what they intended it for.

Rails API - helpers for AJAX

I have a normal rails app website, but on some pages I need to use AJAX.
I already have some working AJAX Javascript code using jQuery, but so far I haven't used any rails helper to do that, writing strings corresponding to paths manually.
But is there a more convenient way to do it in javascript ? Suppose I have a javascript function which takes an ID as argument, and must call an AJAX action. So far I've been doing it this way
var url = "/tags/tagID"
function getTag(tag_id){
$.get(url.replace("tagID", tag_id) +'.json')
.fail(function(data){
alert('Oops error !');
})
.success(function( data ) {blabla ] )
}
Is it possible to rename the .js to .js.erb and use path helpers ? So I could get rid of this url variable and write
routes.rb
resources :tags
tags.js.erb
$.get(tag_path("tagID").replace("tagID", tag_id)....
Or is there a more convenient way to do this ? I only need very little AJAX, so I don't want to use a frontend framework (Angular, etc.), just jQuery
EDIT My scenario
A user searches for a given tag thanks to an autocomplete searchbar. This searchbar will return the ID somehow.
The user can select several tags this way, and their IDs will be stored in an array. Now, upon clicking a button, I want to send a query to a non-RESTful (with the ID array as parameter) controller action via AJAX. For now I will focus on sending one item at a time (so just one ID string), for it is easier/more reactive.
This action is actually going to look in my models for projects and ingeneers that possess this tag, and return a JSON with formatted results.
Yes, you can use *.js.erb to use Rails helpers. Rails provides some handy helpers to work with Ajax. Normally with rails you can use them by using the the tag remote: true.
In your case something like
<%= link_to 'Tags', tags_path(<tag.id>), remote: true %> (roughly),
Read more about using Rails helpers with Ajax here, and this explains it nicely.
Update
Rails is using CSRF token to validate requests (except GET), so if you are going to use pure HTML/JavaScript, you want to add the token to your request. Have a look at this post on the same.
I agree there is no out-of-the-box way of doing that, but there are few workarounds.

Can JavaScript variables be easily modified maliciously?

I am setting up a quiz that uses boolean variables for correct/incorrect and then passes those variable values to a PHP script via Ajax for processing and storing in a database.
How easily could someone override the values set by my code with after finding the var names with "view source"?
Yes.
You should send the answers to the server and let the server grade the quiz.
They can do it easily using Chrome/Firebug Console by issuing a Javascript command over there like
var your_var_name = 60;
You must have backend synchronization also to prevent this.
for testing purpose you can use firefox add on firebug or chrome's developer tool kit. Change your javascript variable using inspect element and than perform action of button which posts your data. On server side you should make sure that posted variable must be any of variable that is in option of answer of that question.

i18n in javascript using .properties file

I'm developing a web application with JSF, so I use a Java Properties File (i.e. resources_es_CO.properties) to localize strings for the application and this is working OK.
Mi question is: how can I call localized strings in this kind of files from my javascript validations so alerts show those localized strings to user?
Thanks in advance.
What I do is to send the messages out as part of the page, dropped into hidden <span> tags with "id" values made from the property names.
Alternatively, you could write an Ajax-called action and fetch the properties dynamically.
To do an ajax callback, you'd have to implement a server-side action that would understand something like the property key. The server would just apply the localization (ie look up the property in the locale associated with the session) and then return the string. Alternatively, you could implement a service that'd return a whole set of properties, maybe on a per-form basis, or grouped according to some convention of property names (like, "return all properties that start with 'validation.addressForm'")
The simplest case would look something like this with jQuery:
$.get('/fetchProperty', { property: 'firstNameMissing' }, function(propValue) {
$('#errMsg').text(propValue);
}, "text/plain");
Other frameworks provide similar ajax tools, or you could do the XMLHttpRequest yourself.
you could go to server with an ajax call and send alert texts from server to client and show it. or you could put messages to your page when your jsp's being rendered. both is ok. if you can change language without refreshing the page you probably want to make ajax call. if you can not , putting messages in javascript variables will be easier

Categories

Resources