Existing packages that do a similar thing:
• Huxley, Phantom CSS, GhostStory, Cactus, Needle, CSSCritic, fighting-layout-bugs, sikuli, Mogo, Quixote
• Not the right fit, so: Do It Yourself ™
• BugSnag has a separate service that runs screenshot tests and posts the outcome back to the pull request.
• Screenshots are compared between branches
by default
• html_safe does not make strings safe
• CSRF protection doesn't apply to GET
• CSRF tokens persist per session
• By default, when a CSRF error occurs, Rails continues the current action unless explicitly told not to (fixed in a couple of versions)
default
• Session cookies are forever by default
• No built-in account management
• No built-in authorization framework
• link_to is not safe by default
• etc. etc.: http://blog.codeclimate.com/blog/2013/03/27/rails-insecure-defaults/
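As an added illustration of the html_safe point above (this is example code, not code from the talk or from Rails itself): a simplified Ruby model of the Rails SafeBuffer contract, showing that html_safe only asserts trust and never escapes. It assumes only the stdlib erb library; SafeBuffer, render_trusting and render_escaping are this example's own names.

```ruby
require "erb"

# Simplified model of Rails' ActiveSupport::SafeBuffer contract (this example's
# own code, not Rails'): html_safe only SETS a trust flag, it escapes nothing.
# Appending an unflagged string to a safe buffer escapes it; appending a
# flagged string passes it through verbatim, whatever it contains.
class SafeBuffer < String
  def html_safe?
    true
  end

  # Escape untrusted input on the way in; trust anything already flagged.
  def concat(other)
    super(other.html_safe? ? other : ERB::Util.html_escape(other))
  end
  alias << concat
end

class String
  # No escaping happens here; the caller merely asserts the content is safe.
  def html_safe
    SafeBuffer.new(self)
  end

  def html_safe?
    false
  end
end

# Insecure pattern: calling html_safe on user input silences escaping, so
# any markup in the input lands in the page unchanged.
def render_trusting(user_input)
  "<p>".html_safe << user_input.html_safe << "</p>".html_safe
end

# Safe pattern: leave the input unflagged and let the buffer escape it.
def render_escaping(user_input)
  "<p>".html_safe << user_input << "</p>".html_safe
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input containing markup and a bare "<".
  input = "<b>bob</b> said 1 < 2"
  puts render_trusting(input)  # <p><b>bob</b> said 1 < 2</p>
  puts render_escaping(input)  # <p>&lt;b&gt;bob&lt;/b&gt; said 1 &lt; 2</p>
end
```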