Mike Dalessio - Rails::HTML5: the strange and remarkable three-year journey - Rails World 2023
Rails 7.1 improved Rails’s security posture and made Rails more friendly with modern browsers by shipping HTML5-compliant sanitizers by default. Great! But the journey there was not a straight road…
@shopify Director of Engineering Mike Dalessio shares the story of planning and executing a complex migration task on a major open-source project, a multi-year journey that started in 2015 with a security vulnerability and ended after coordinating major changes upstream to Action View, Rails::HTML::Sanitizer, Loofah, and Nokogiri, and taking over maintenance of libgumbo.
Slides are online at mike.daless.io/prez/2023/10/06...
Links:
rubyonrails.org/
github.com/rails/rails-html-s...
api.rubyonrails.org/classes/A...
#RailsWorld #RubyonRails #rails #Rails7 #opensource #security #HTML5 #nokogiri #libgumbo #actionview
Thank you Dell APEX for sponsoring the editing and post-production of these videos. Visit them at: dell.com/APEX
Comments: 7
This was a good talk. Solid work ethic too. Thank you for all the work you keep doing for us.
Initially I expected this talk to be about the difference between HTML4 and HTML5 tags (new features). But really we dive much deeper into a whirlwind of security, Nokogiri, and evolution of the tools that we all rely on. Thanks so much for your work Mike!
@someguyO2W
5 months ago
Yeah. It turned out much better than I expected going in. By leaps and bounds.
24:45 first do the work to make the hard change easy, and then do the easy change. love it!
19:07 👏👏👏👏 Steve!
Thanks for the awesome tech talk. I've learned a bunch of new things and some of them are directly applicable to our app.
Fantastic work, thank you! This also explains why some of my views behaved differently when switching to 7.1 defaults :)