How to delete all zero length files in a directory tree

find . -type f -size 0 -print0 | xargs -0 rm -f ...

Cross-Site Scripting vulnerability with JavaScript and JQuery

Think you’ve protected your site against Cross-Site Scripting attacks by escaping all the content that you’ve rendered? Thought about your javascript? Here’s a neat bug that got us today. This example is contrived to show a point.

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>XSS Example</title>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.6.4/jquery.min.js"></script>
<script>
$(function() {
  $('#users').each(function() {
    var select = $(this);
    var option = select.children('option').first();
    select.after(option.text());
    select.hide();
  });
});
</script>
</head>
<body>
<form method="post">
<p>
<select id="users" name="users">
<option value="bad">&lt;script&gt;alert(&#x27;xss&#x27;);&lt;/script&gt;</option>
</select>
</p>
</form>
</body>
</html>

See the problem?...

Default HTML-escape using Freemarker

Most java developers have at least heard of Freemarker. FreeMarker is a “template engine”: a generic tool to generate text output (anything from HTML to autogenerated source code) based on templates. It’s a Java package, a class library for Java programmers. It’s not an application for end-users in itself, but something that programmers can embed into their products. It is the “generic” nature of Freemarker that trips up java web developers....

Provision EC2 instance using boto

Sam Newman recently published a very interesting blog entry on using fabric to apply puppet scripts on remote machines. He left the provision_using_boto() method as an exercise to the reader. That just sounded tempting enough to be a challenge since I hadn't gotten around to looking at boto. You can find the result of my attempt on GitHub. To be precise aws.py implements the provisioning using boto and fabfile.py drives fabric and puppet....

Kramdown and Webby

A number of the sites that I manage for fun are simply static web pages. The dynamic nature is handled by javascript classes and plugins. This means that I really don’t need or want an application server to serve these sites, but I do want to still use some of the practices that I apply to web application development. Enter webby - it works by combining the contents of a page with a layout to produce HTML....

RPMs and Effing Package Management

I've been using FPM to build native packages for applications for the last few months and so far I cannot believe just how cool it is. It can create RPMs and DEBs from ruby gems, python modules, node packages and even directories. The last one is very useful for packaging up stand-alone java apps. Check it out, you may like it too....

AWS CloudFront invalidation

It is now possible to invalidate objects (files) in AWS CloudFront distributions. Handy when someone, like me, occasionally publishes files with the wrong content type. Here is how I implement this invalidation in python....

JRuby rake and maven

I cannot stand Maven. It makes me nauseous. However, that does not seem to be the case for other institutionalised developers. Here’s what I did on a project where I wanted to isolate its craziness and still use jruby and rake.

namespace :maven do
  M2_HOME = "binaries/apache-maven-3.0.3"

  desc "Run the maven package goal"
  task :package => :clean do
    mvn "package"
  end

  desc "Run the application"
  task :application => :clean do
    mvn "test-compile", "exec:java", "-Dexec....

RubyGems in a JAR

On a few projects now I’ve used jruby with rake. I know that I can use rvm and just fetch the gems per project, but for developers stuck on windows that way is a little more than difficult. So here’s how I package up rubygems in a JAR.

mkdir gemjar
java -jar jruby-complete-1.6.3.jar -S gem install -i ./gemjar haml --version 3.1.2 --no-rdoc --no-ri
java -jar jruby-complete-1.6.3.jar -S gem install -i ....

JRuby Rake and Ivy

Here’s a neat way of using ivy with jruby, rake & ant.

task :ivy_retrieve do
  ant.taskdef :resource => "org/apache/ivy/ant/antlib.xml" do
    classpath :location => "ivy/ivy-2.2.0.jar"
  end
  ant.configure :file => "ivy/ivysettings.xml"
  ant.resolve :file => "ivy/ivy.xml"
  ant.retrieve :pattern => "lib/[conf]/[type]/[artifact]-[revision].[ext]", :sync => "true"
  puts
end

Still using ant, still angle bracket free (except for ivy, sigh). Read my previous post if you want to know more about jruby, rake and ant....