Ruby on Rails: Security First & Developer Experience Wins

Today we're diving into 6 merged PRs that show Rails firing on all cylinders - from a critical Action Text security fix to SQLite virtual table improvements and test suite cleanup. The standout is Mike Dalessio's comprehensive security enhancement that validates URI schemes in markdown conversion, plus some lovely developer experience improvements in Docker builds and test helpers.

Duration: PT3M43S

Episode overview

This episode is a short developer briefing from Ruby on Rails.

It explains recent repository work in plain language.

  • Show: Ruby on Rails
  • Published: 2026-03-13T10:24:09Z
  • Audio duration: PT3M43S

Transcript excerpt

This excerpt keeps the crawler page concise. Listen to the episode or use the RSS feed for the full update.

Hey there, fellow Rails developers! Welcome back to another episode of Ruby on Rails. I'm your host, and wow - do we have a packed day to talk about! March 13th brought us 6 fantastic merged pull requests that really showcase the Rails community at its best.

Let's jump right into our biggest story today - a security enhancement that's honestly pretty impressive in its thoroughness. Mike Dalessio tackled a vulnerability in Action Text's markdown link conversion. Here's the deal: when Rails processes HTML, it already strips out dangerous URI schemes like `javascript:` or…

Mike didn't just patch the hole - he built a comprehensive solution. The fix adds proper URI scheme validation using Rails' existing sanitizer, and here's what I love - when it encounters a disallowed scheme, it gracefully falls back to escaped bracketed text instead of just breaking. Plus, they centralized all the…

Speaking of doing things right, we had some great SQLite improvements today. Nicolas fixed an issue where virtual tables without parentheses weren't being parsed correctly - one of those edge cases that could really trip you up if you're working with SpatiaLite or similar extensions. And Heinrich…

Now,…

And…
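The fallback behaviour described above, as an added example in plain Ruby that is not the Rails patch or Action Text's own code: a markdown link whose destination is relative or carries an allowlisted scheme becomes an anchor, and anything else is emitted as escaped bracketed text rather than a link. The allowlist, the link pattern and the sample inputs are assumptions made for this illustration.

```ruby
require "cgi"
require "uri"

# Assumed allowlist for this example; Rails' sanitizer keeps its own list
# of permitted protocols.
ALLOWED_SCHEMES = %w[http https mailto].freeze

# Matches a markdown inline link [text](destination); the destination may
# contain one level of parentheses, as in javascript:alert(1).
MARKDOWN_LINK = /\[([^\]]*)\]\(((?:[^()\s]|\([^()\s]*\))+)\)/

# True when the destination has no scheme (relative URL) or an allowed one.
# Anything the URI parser rejects is treated as disallowed, not as safe.
def allowed_link?(destination)
  scheme = URI.parse(destination).scheme
  scheme.nil? || ALLOWED_SCHEMES.include?(scheme.downcase)
rescue URI::InvalidURIError
  false
end

# Converts markdown links to anchors; a destination that fails the scheme
# check is rendered as escaped bracketed text instead of an <a> element.
def convert_links(markdown)
  markdown.gsub(MARKDOWN_LINK) do
    text = Regexp.last_match(1)
    destination = Regexp.last_match(2)
    if allowed_link?(destination)
      %(<a href="#{CGI.escapeHTML(destination)}">#{CGI.escapeHTML(text)}</a>)
    else
      CGI.escapeHTML("[#{text}](#{destination})")
    end
  end
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample inputs: one allowed link, one disallowed scheme.
  puts convert_links("See [Docs](https://example.com/docs) first.")
  puts convert_links("Do not [Click](javascript:alert(1)) this.")
end
```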

Nearby episodes from Ruby on Rails

  1. Speed Demon Edition - 5x Faster Schema Loading
  2. ActionText Gets a Flexible Block Makeover
  3. Documentation Love and Developer Clarity
  4. Database Operations Get a Major Upgrade
  5. Async Query Instrumentation Fix and Auth Generator Polish
  6. The Art of Clean Tests
  7. Spring Cleaning - Small Fixes, Big Impact
  8. Ruby 4.1 Compatibility Quest