Mike Dalessio on HTML parsing & sanitization and SQLite
Aug 30, 2024
In this discussion, Mike Dalessio, a seasoned Ruby developer and open-source contributor, shares his journey from management to hands-on coding. He explores the challenges of HTML sanitization in Ruby on Rails, including handling SVG vulnerabilities and user-specific configurations. Mike also delves into the evolution of SQLite gems, highlighting collaborative efforts to improve database performance. Additionally, he emphasizes the importance of managerial experience in enhancing software development skills and the ongoing innovations within the Ruby community.
AI Snips
Open Source Beginnings
- Mike Dalessio's open-source journey began while working at a power generator startup.
- He needed to scrape data from websites with broken HTML, leading him to contribute to Nokogiri and Mechanize.
Rails Sanitizer History
- Rails' sanitizer has a historical design based on an older wiki.
- It uses regular expressions, which are now considered less ideal than parsing HTML.
Custom Allow Lists
- Ryan Grove, creator of the Sanitize gem, regrets allowing custom allow lists.
- Maintaining these lists has been problematic, highlighting the challenge of balancing flexibility and security.