Programmatically generating PDF documents is a common requirement in many of our client projects at bitcrowd. While in Ruby there is a multitude of battle-proven libraries to choose from, the PDF library landscape in the Elixir/Erlang ecosystem is just beginning to evolve. Today, we introduce ChromicPDF, a fast and convenient Chrome-based HTML-to-PDF converter, written in Elixir.
Software development insights compiled for you by the people of bitcrowd
Introducing SSHKit
A Caching Journey
Testing Phoenix live view with jest
Changes Request Size
Code reviews are essential for software development in teams. They’re useful to share domain knowledge and best practices within the team, ensure consistent code quality, and lower the number of defects in the software. Reviewing code is hard though.
How to get URLs valid inside and outside of a docker-compose network
Typescript - First impressions
Resolving The Store Api Dependency
Decoding Phoenix Session Cookies
When debugging (or during security audits), it may be handy to know exactly which data is encoded in a session cookie. This is especially important because authentication frameworks like guardian store authentication secrets in sessions, and we need to know they are stored securely. In the Phoenix web framework, session cookies are encoded in a special format. In this post, we follow Phoenix's cookie storage implementation to find out how sessions are encoded.
Arbitrary Code Execution Vulnerability in Simple Form CVE-2019-16676
Summary
On 2019-08-02 we at bitcrowd discovered a security vulnerability in simple_form. simple_form is one of the go-to ways to easily handle HTML forms in Ruby on Rails. The security issue allows arbitrary code execution in the worst case, but at least has potential for data corruption or DOS attacks. This security issue was responsibly disclosed by bitcrowd. Find details about the timeline of the events and a more detailed description below.