Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
@rails/ujs
Advanced tools
@rails/ujs is a JavaScript library that provides Unobtrusive JavaScript (UJS) helpers for Ruby on Rails applications. It helps in handling common JavaScript behaviors in a Rails application, such as handling AJAX requests, form submissions, and link clicks, without writing custom JavaScript code.
Handling AJAX Requests
This feature allows you to handle AJAX requests by simply adding `data-remote="true"` to your HTML elements. The @rails/ujs library will automatically handle the AJAX request and response.
// HTML
<a href="/some_path" data-remote="true">Click me</a>
// JavaScript
import Rails from '@rails/ujs';
Rails.start();
// This will automatically handle the AJAX request for the link with data-remote="true"
Form Submission
This feature allows you to submit forms via AJAX by adding `data-remote="true"` to your form elements. The @rails/ujs library will handle the form submission and response without requiring custom JavaScript.
// HTML
<form action="/some_path" method="post" data-remote="true">
<input type="text" name="example" />
<input type="submit" value="Submit" />
</form>
// JavaScript
import Rails from '@rails/ujs';
Rails.start();
// This will automatically handle the form submission via AJAX
Confirmation Dialogs
This feature allows you to add confirmation dialogs to your links and buttons by adding `data-confirm="Are you sure?"`. The @rails/ujs library will show a confirmation dialog before proceeding with the action.
// HTML
<a href="/some_path" data-confirm="Are you sure?">Delete</a>
// JavaScript
import Rails from '@rails/ujs';
Rails.start();
// This will automatically show a confirmation dialog before proceeding with the link action
jquery-ujs is a similar library that provides Unobtrusive JavaScript helpers for Rails applications using jQuery. It offers similar functionalities such as handling AJAX requests, form submissions, and confirmation dialogs. However, it requires jQuery as a dependency, whereas @rails/ujs does not.
Stimulus is a JavaScript framework that complements Rails by providing a way to add behavior to HTML elements. While it is not a direct replacement for @rails/ujs, it can be used to achieve similar functionalities by writing custom controllers. Stimulus offers more flexibility and control over the behavior of your application.
= Action View
Action View is a framework for handling view template lookup and rendering, and provides view helpers that assist when building HTML forms, Atom feeds and more. Template formats that Action View handles are ERB (embedded Ruby, typically used to inline short Ruby snippets inside HTML), and XML Builder.
You can read more about Action View in the {Action View Overview}[https://edgeguides.rubyonrails.org/action_view_overview.html] guide.
== Download and installation
The latest version of Action View can be installed with RubyGems:
$ gem install actionview
Source code can be downloaded as part of the Rails project on GitHub:
== License
Action View is released under the MIT license:
== Support
API documentation is at
Bug reports for the Ruby on Rails project can be filed here:
Feature requests should be discussed on the rails-core mailing list here:
FAQs
Ruby on Rails unobtrusive scripting adapter
The npm package @rails/ujs receives a total of 382,536 weekly downloads. As such, @rails/ujs popularity was classified as popular.
We found that @rails/ujs demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.