tainted_love 0.1.3
- checksums.yaml +7 -0
- data/.github/probots.yml +2 -0
- data/.gitignore +12 -0
- data/.rspec +3 -0
- data/.rubocop.yml +1188 -0
- data/.ruby-version +1 -0
- data/.travis.yml +7 -0
- data/CODE_OF_CONDUCT.md +73 -0
- data/Gemfile +8 -0
- data/Gemfile.lock +57 -0
- data/LICENSE.txt +21 -0
- data/README.md +85 -0
- data/Rakefile +8 -0
- data/bin/console +15 -0
- data/bin/setup +10 -0
- data/bin/test +7 -0
- data/dev.yml +28 -0
- data/docs/TaintedLove.html +482 -0
- data/docs/TaintedLove/Configuration.html +499 -0
- data/docs/TaintedLove/Replacer.html +129 -0
- data/docs/TaintedLove/Replacer/ActionViewHelpersMod.html +230 -0
- data/docs/TaintedLove/Replacer/Base.html +320 -0
- data/docs/TaintedLove/Replacer/HelperMod.html +226 -0
- data/docs/TaintedLove/Replacer/HelpersMod.html +230 -0
- data/docs/TaintedLove/Replacer/MarshalMod.html +178 -0
- data/docs/TaintedLove/Replacer/ObjectMod.html +282 -0
- data/docs/TaintedLove/Replacer/ReplaceActionController.html +329 -0
- data/docs/TaintedLove/Replacer/ReplaceActionView.html +317 -0
- data/docs/TaintedLove/Replacer/ReplaceActiveRecord.html +341 -0
- data/docs/TaintedLove/Replacer/ReplaceDigest.html +369 -0
- data/docs/TaintedLove/Replacer/ReplaceFile.html +245 -0
- data/docs/TaintedLove/Replacer/ReplaceKernel.html +211 -0
- data/docs/TaintedLove/Replacer/ReplaceMarshal.html +219 -0
- data/docs/TaintedLove/Replacer/ReplaceObject.html +231 -0
- data/docs/TaintedLove/Replacer/ReplaceRailsUserInput.html +374 -0
- data/docs/TaintedLove/Replacer/ReplaceSprokets.html +297 -0
- data/docs/TaintedLove/Replacer/SprocketsHelperMod.html +226 -0
- data/docs/TaintedLove/Reporter.html +117 -0
- data/docs/TaintedLove/Reporter/Base.html +466 -0
- data/docs/TaintedLove/Reporter/RackReporter.html +309 -0
- data/docs/TaintedLove/Reporter/SinatraReporter.html +402 -0
- data/docs/TaintedLove/Reporter/SinatraReporter/App.html +210 -0
- data/docs/TaintedLove/Reporter/StdoutReporter.html +305 -0
- data/docs/TaintedLove/SinatraReporter.html +387 -0
- data/docs/TaintedLove/SinatraReporter/App.html +210 -0
- data/docs/TaintedLove/StackTrace.html +650 -0
- data/docs/TaintedLove/Utils.html +550 -0
- data/docs/TaintedLove/Validator.html +129 -0
- data/docs/TaintedLove/Validator/ActionViewObjectSend.html +233 -0
- data/docs/TaintedLove/Validator/Base.html +200 -0
- data/docs/TaintedLove/Validator/ErbEval.html +229 -0
- data/docs/TaintedLove/Validator/RedisStoreSerialization.html +238 -0
- data/docs/TaintedLove/Validator/SproketsMarshal.html +233 -0
- data/docs/TaintedLove/Warning.html +665 -0
- data/docs/_index.html +371 -0
- data/docs/class_list.html +51 -0
- data/docs/css/common.css +1 -0
- data/docs/css/full_list.css +58 -0
- data/docs/css/style.css +496 -0
- data/docs/file.README.html +134 -0
- data/docs/file_list.html +56 -0
- data/docs/frames.html +17 -0
- data/docs/index.html +134 -0
- data/docs/js/app.js +292 -0
- data/docs/js/full_list.js +216 -0
- data/docs/js/jquery.js +4 -0
- data/docs/method_list.html +523 -0
- data/docs/top-level-namespace.html +110 -0
- data/example/.gitignore +31 -0
- data/example/.ruby-version +1 -0
- data/example/Gemfile +67 -0
- data/example/Gemfile.lock +226 -0
- data/example/README.md +24 -0
- data/example/Rakefile +8 -0
- data/example/app/assets/config/manifest.js +3 -0
- data/example/app/assets/images/.keep +0 -0
- data/example/app/assets/javascripts/application.js +16 -0
- data/example/app/assets/javascripts/cable.js +13 -0
- data/example/app/assets/javascripts/channels/.keep +0 -0
- data/example/app/assets/javascripts/products.coffee +3 -0
- data/example/app/assets/stylesheets/application.css +15 -0
- data/example/app/assets/stylesheets/products.scss +3 -0
- data/example/app/assets/stylesheets/scaffolds.scss +84 -0
- data/example/app/channels/application_cable/channel.rb +6 -0
- data/example/app/channels/application_cable/connection.rb +6 -0
- data/example/app/controllers/application_controller.rb +4 -0
- data/example/app/controllers/concerns/.keep +0 -0
- data/example/app/controllers/products_controller.rb +77 -0
- data/example/app/controllers/test_cases_controller.rb +20 -0
- data/example/app/helpers/application_helper.rb +4 -0
- data/example/app/helpers/products_helper.rb +4 -0
- data/example/app/helpers/test_cases_helper.rb +4 -0
- data/example/app/jobs/application_job.rb +4 -0
- data/example/app/mailers/application_mailer.rb +6 -0
- data/example/app/models/application_record.rb +5 -0
- data/example/app/models/concerns/.keep +0 -0
- data/example/app/models/product.rb +4 -0
- data/example/app/views/layouts/application.html.erb +15 -0
- data/example/app/views/layouts/mailer.html.erb +13 -0
- data/example/app/views/layouts/mailer.text.erb +1 -0
- data/example/app/views/products/_form.html.erb +32 -0
- data/example/app/views/products/_product.json.jbuilder +4 -0
- data/example/app/views/products/edit.html.erb +6 -0
- data/example/app/views/products/index.html.erb +31 -0
- data/example/app/views/products/index.json.jbuilder +3 -0
- data/example/app/views/products/new.html.erb +5 -0
- data/example/app/views/products/show.html.erb +19 -0
- data/example/app/views/products/show.json.jbuilder +3 -0
- data/example/app/views/test_cases/xss.html.erb +10 -0
- data/example/bin/bundle +5 -0
- data/example/bin/rails +11 -0
- data/example/bin/rake +11 -0
- data/example/bin/setup +38 -0
- data/example/bin/spring +18 -0
- data/example/bin/update +33 -0
- data/example/bin/yarn +11 -0
- data/example/config.ru +7 -0
- data/example/config/application.rb +21 -0
- data/example/config/boot.rb +6 -0
- data/example/config/cable.yml +10 -0
- data/example/config/credentials.yml.enc +1 -0
- data/example/config/database.yml +25 -0
- data/example/config/environment.rb +7 -0
- data/example/config/environments/development.rb +63 -0
- data/example/config/environments/production.rb +96 -0
- data/example/config/environments/test.rb +48 -0
- data/example/config/initializers/application_controller_renderer.rb +10 -0
- data/example/config/initializers/assets.rb +16 -0
- data/example/config/initializers/backtrace_silencers.rb +9 -0
- data/example/config/initializers/content_security_policy.rb +27 -0
- data/example/config/initializers/cookies_serializer.rb +7 -0
- data/example/config/initializers/filter_parameter_logging.rb +6 -0
- data/example/config/initializers/inflections.rb +18 -0
- data/example/config/initializers/mime_types.rb +6 -0
- data/example/config/initializers/tainted_love.rb +7 -0
- data/example/config/initializers/wrap_parameters.rb +16 -0
- data/example/config/locales/en.yml +33 -0
- data/example/config/puma.rb +36 -0
- data/example/config/routes.rb +10 -0
- data/example/config/spring.rb +8 -0
- data/example/config/storage.yml +34 -0
- data/example/db/migrate/20190311220346_create_products.rb +13 -0
- data/example/db/schema.rb +23 -0
- data/example/db/seeds.rb +9 -0
- data/example/lib/assets/.keep +0 -0
- data/example/lib/tasks/.keep +0 -0
- data/example/log/.keep +0 -0
- data/example/package.json +5 -0
- data/example/public/404.html +67 -0
- data/example/public/422.html +67 -0
- data/example/public/500.html +66 -0
- data/example/public/apple-touch-icon-precomposed.png +0 -0
- data/example/public/apple-touch-icon.png +0 -0
- data/example/public/favicon.ico +0 -0
- data/example/public/robots.txt +1 -0
- data/example/storage/.keep +0 -0
- data/example/test/application_system_test_case.rb +7 -0
- data/example/test/controllers/.keep +0 -0
- data/example/test/controllers/products_controller_test.rb +66 -0
- data/example/test/controllers/test_cases_controller_test.rb +39 -0
- data/example/test/fixtures/.keep +0 -0
- data/example/test/fixtures/files/.keep +0 -0
- data/example/test/fixtures/products.yml +11 -0
- data/example/test/helpers/.keep +0 -0
- data/example/test/integration/.keep +0 -0
- data/example/test/mailers/.keep +0 -0
- data/example/test/models/.keep +0 -0
- data/example/test/models/product_test.rb +9 -0
- data/example/test/replacers/replace_active_record_test.rb +31 -0
- data/example/test/replacers/replace_sprokets_test.rb +8 -0
- data/example/test/system/.keep +0 -0
- data/example/test/system/products_test.rb +49 -0
- data/example/test/test_helper.rb +37 -0
- data/example/tmp/.keep +0 -0
- data/example/vendor/.keep +0 -0
- data/lib/tainted_love.rb +57 -0
- data/lib/tainted_love/configuration.rb +16 -0
- data/lib/tainted_love/replacer/base.rb +25 -0
- data/lib/tainted_love/replacer/replace_action_controller.rb +61 -0
- data/lib/tainted_love/replacer/replace_action_view.rb +39 -0
- data/lib/tainted_love/replacer/replace_active_record.rb +47 -0
- data/lib/tainted_love/replacer/replace_digest.rb +39 -0
- data/lib/tainted_love/replacer/replace_file.rb +32 -0
- data/lib/tainted_love/replacer/replace_kernel.rb +44 -0
- data/lib/tainted_love/replacer/replace_marshal.rb +19 -0
- data/lib/tainted_love/replacer/replace_object.rb +30 -0
- data/lib/tainted_love/replacer/replace_rails_user_input.rb +59 -0
- data/lib/tainted_love/replacer/replace_sprokets.rb +25 -0
- data/lib/tainted_love/replacer/replace_yaml.rb +28 -0
- data/lib/tainted_love/reporter/base.rb +47 -0
- data/lib/tainted_love/reporter/file_reporter.rb +28 -0
- data/lib/tainted_love/reporter/stdout_reporter.rb +30 -0
- data/lib/tainted_love/stack_trace.rb +46 -0
- data/lib/tainted_love/utils.rb +80 -0
- data/lib/tainted_love/validator/action_view_object_send.rb +15 -0
- data/lib/tainted_love/validator/base.rb +16 -0
- data/lib/tainted_love/validator/erb_eval.rb +13 -0
- data/lib/tainted_love/validator/redis_store_serialization.rb +13 -0
- data/lib/tainted_love/validator/sprokets_marshal.rb +15 -0
- data/lib/tainted_love/version.rb +5 -0
- data/lib/tainted_love/warning.rb +30 -0
- data/tainted_love.gemspec +31 -0
- metadata +315 -0
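--- a/data/example/Rakefile
+++ b/data/example/Rakefile
@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require_relative 'config/application'
+
+Rails.application.load_tasks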
File without changes
|
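--- a/data/example/app/assets/javascripts/application.js
+++ b/data/example/app/assets/javascripts/application.js
@@ -0,0 +1,16 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, or any plugin's
+// vendor/assets/javascripts directory can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// compiled file. JavaScript code in this file should be added after the last require_* statement.
+//
+// Read Sprockets README (https://github.com/rails/sprockets#sprockets-directives) for details
+// about supported directives.
+//
+//= require rails-ujs
+//= require activestorage
+//= require turbolinks
+//= require_tree .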
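--- a/data/example/app/assets/javascripts/cable.js
+++ b/data/example/app/assets/javascripts/cable.js
@@ -0,0 +1,13 @@
+// Action Cable provides the framework to deal with WebSockets in Rails.
+// You can generate new channels where WebSocket features live using the `rails generate channel` command.
+//
+//= require action_cable
+//= require_self
+//= require_tree ./channels
+
+(function() {
+  this.App || (this.App = {});
+
+  App.cable = ActionCable.createConsumer();
+
+}).call(this);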
File without changes
|
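--- a/data/example/app/assets/stylesheets/application.css
+++ b/data/example/app/assets/stylesheets/application.css
@@ -0,0 +1,15 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, or any plugin's
+ * vendor/assets/stylesheets directory can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the bottom of the
+ * compiled file so the styles you add here take precedence over styles defined in any other CSS/SCSS
+ * files in this directory. Styles in this file should be added after the last require_* statement.
+ * It is generally better to create a new file per style scope.
+ *
+ *= require_tree .
+ *= require_self
+ */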
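--- a/data/example/app/assets/stylesheets/scaffolds.scss
+++ b/data/example/app/assets/stylesheets/scaffolds.scss
@@ -0,0 +1,84 @@
+body {
+  background-color: #fff;
+  color: #333;
+  margin: 33px;
+  font-family: verdana, arial, helvetica, sans-serif;
+  font-size: 13px;
+  line-height: 18px;
+}
+
+p, ol, ul, td {
+  font-family: verdana, arial, helvetica, sans-serif;
+  font-size: 13px;
+  line-height: 18px;
+}
+
+pre {
+  background-color: #eee;
+  padding: 10px;
+  font-size: 11px;
+}
+
+a {
+  color: #000;
+
+  &:visited {
+    color: #666;
+  }
+
+  &:hover {
+    color: #fff;
+    background-color: #000;
+  }
+}
+
+th {
+  padding-bottom: 5px;
+}
+
+td {
+  padding: 0 5px 7px;
+}
+
+div {
+  &.field, &.actions {
+    margin-bottom: 10px;
+  }
+}
+
+#notice {
+  color: green;
+}
+
+.field_with_errors {
+  padding: 2px;
+  background-color: red;
+  display: table;
+}
+
+#error_explanation {
+  width: 450px;
+  border: 2px solid red;
+  padding: 7px 7px 0;
+  margin-bottom: 20px;
+  background-color: #f0f0f0;
+
+  h2 {
+    text-align: left;
+    font-weight: bold;
+    padding: 5px 5px 5px 15px;
+    font-size: 12px;
+    margin: -7px -7px 0;
+    background-color: #c00;
+    color: #fff;
+  }
+
+  ul li {
+    font-size: 12px;
+    list-style: square;
+  }
+}
+
+label {
+  display: block;
+}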
File without changes
|
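--- a/data/example/app/controllers/products_controller.rb
+++ b/data/example/app/controllers/products_controller.rb
@@ -0,0 +1,77 @@
+# frozen_string_literal: true
+
+class ProductsController < ApplicationController
+  before_action :set_product, only: [:show, :edit, :update, :destroy]
+
+  # GET /products
+  # GET /products.json
+  def index
+    @products = Product.all
+  end
+
+  # GET /products/1
+  # GET /products/1.json
+  def show
+  end
+
+  # GET /products/new
+  def new
+    @product = Product.new
+  end
+
+  # GET /products/1/edit
+  def edit
+  end
+
+  # POST /products
+  # POST /products.json
+  def create
+    @product = Product.new(product_params)
+
+    respond_to do |format|
+      if @product.save
+        format.html { redirect_to @product, notice: 'Product was successfully created.' }
+        format.json { render :show, status: :created, location: @product }
+      else
+        format.html { render :new }
+        format.json { render json: @product.errors, status: :unprocessable_entity }
+      end
+    end
+  end
+
+  # PATCH/PUT /products/1
+  # PATCH/PUT /products/1.json
+  def update
+    respond_to do |format|
+      if @product.update(product_params)
+        format.html { redirect_to @product, notice: 'Product was successfully updated.' }
+        format.json { render :show, status: :ok, location: @product }
+      else
+        format.html { render :edit }
+        format.json { render json: @product.errors, status: :unprocessable_entity }
+      end
+    end
+  end
+
+  # DELETE /products/1
+  # DELETE /products/1.json
+  def destroy
+    @product.destroy
+    respond_to do |format|
+      format.html { redirect_to products_url, notice: 'Product was successfully destroyed.' }
+      format.json { head :no_content }
+    end
+  end
+
+  private
+
+  # Use callbacks to share common setup or constraints between actions.
+  def set_product
+    @product = Product.find(params[:id])
+  end
+
+  # Never trust parameters from the scary internet, only allow the white list through.
+  def product_params
+    params.require(:product).permit(:name, :description, :price)
+  end
+end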
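Review bot: `destroy` (file lines 58–64) discards the return value of `@product.destroy`, so a `before_destroy` callback that throws `:abort` would still produce the "Product was successfully destroyed." redirect and a 204 JSON response, unlike `create` and `update`, which branch on the result. The `Product` model added in this commit is only 4 lines per the diffstat, so this is presumably latent rather than live today; `if @product.destroy` with an error branch mirroring `update`, or `@product.destroy!`, keeps the three write actions consistent. As a style point, `only: [:show, :edit, :update, :destroy]` on file line 4 reads as `only: %i[show edit update destroy]` under the repository's RuboCop configuration.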
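--- a/data/example/app/controllers/test_cases_controller.rb
+++ b/data/example/app/controllers/test_cases_controller.rb
@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+class TestCasesController < ApplicationController
+  layout false
+
+  def xss
+  end
+
+  def unsafe_render
+    render(params[:file])
+  end
+
+  def render_inline
+    render(inline: params[:template])
+  end
+
+  def unsafe_redirect
+    redirect_to(params[:to])
+  end
+end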
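Review bot: `unsafe_render`, `render_inline` and `unsafe_redirect` (file lines 9–19) feed `params[:file]`, `params[:template]` and `params[:to]` straight into `render`/`redirect_to` with no comment saying this is deliberate, so a reader of the example app cannot distinguish intended taint-tracking fixtures from scaffold mistakes. A class-level comment such as `# Deliberately unsafe sinks that exercise TaintedLove's validators; they exist only for the example app's tests.` would make the intent explicit. Since these actions exist only to trigger the gem's warnings, a guard like `before_action { head :not_found if Rails.env.production? }` would also keep them from being served if the example app is ever deployed outside development or test. Whether `config/routes.rb` (+10 lines in this commit, not shown here) exposes all three is not visible from this hunk.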
File without changes
|
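--- a/data/example/app/views/layouts/application.html.erb
+++ b/data/example/app/views/layouts/application.html.erb
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <title>Example</title>
+    <%= csrf_meta_tags %>
+    <%= csp_meta_tag %>
+
+    <%= stylesheet_link_tag 'application', media: 'all', 'data-turbolinks-track': 'reload' %>
+    <%= javascript_include_tag 'application', 'data-turbolinks-track': 'reload' %>
+  </head>
+
+  <body>
+    <%= yield %>
+  </body>
+</html>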
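--- a/data/example/app/views/layouts/mailer.text.erb
+++ b/data/example/app/views/layouts/mailer.text.erb
@@ -0,0 +1 @@
+<%= yield %>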
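--- a/data/example/app/views/products/_form.html.erb
+++ b/data/example/app/views/products/_form.html.erb
@@ -0,0 +1,32 @@
+<%= form_with(model: product, local: true) do |form| %>
+  <% if product.errors.any? %>
+    <div id="error_explanation">
+      <h2><%= pluralize(product.errors.count, "error") %> prohibited this product from being saved:</h2>
+
+      <ul>
+      <% product.errors.full_messages.each do |message| %>
+        <li><%= message %></li>
+      <% end %>
+      </ul>
+    </div>
+  <% end %>
+
+  <div class="field">
+    <%= form.label :name %>
+    <%= form.text_field :name %>
+  </div>
+
+  <div class="field">
+    <%= form.label :description %>
+    <%= form.text_area :description %>
+  </div>
+
+  <div class="field">
+    <%= form.label :price %>
+    <%= form.number_field :price %>
+  </div>
+
+  <div class="actions">
+    <%= form.submit %>
+  </div>
+<% end %>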
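--- a/data/example/app/views/products/index.html.erb
+++ b/data/example/app/views/products/index.html.erb
@@ -0,0 +1,31 @@
+<p id="notice"><%= notice %></p>
+
+<h1>Products</h1>
+
+<table>
+  <thead>
+    <tr>
+      <th>Name</th>
+      <th>Description</th>
+      <th>Price</th>
+      <th colspan="3"></th>
+    </tr>
+  </thead>
+
+  <tbody>
+    <% @products.each do |product| %>
+      <tr>
+        <td><%= product.name %></td>
+        <td><%= product.description %></td>
+        <td><%= product.price %></td>
+        <td><%= link_to 'Show', product %></td>
+        <td><%= link_to 'Edit', edit_product_path(product) %></td>
+        <td><%= link_to 'Destroy', product, method: :delete, data: { confirm: 'Are you sure?' } %></td>
+      </tr>
+    <% end %>
+  </tbody>
+</table>
+
+<br>
+
+<%= link_to 'New Product', new_product_path %>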