Bootstrap-Sass (GEM) NES 3.4.x
How to configure Boostrap-Sass (GEM) NES
Installation
The instructions below assume you are using Bundler to manage your gem dependencies. If your project isn't using Bundler, you should upgrade to Bundler.
Follow these steps:
- Update your
Gemfile. - Configure DOMPurify.
- Install and run.
Detailed Instructions
Update your Gemfile
Open the Bundler config file (Gemfile) in your project's directory and find this line:
gem 'bootstrap-sass'
Replace that line with the following:
source 'https://USER:NES_ACCESS_TOKEN@registry.nes.herodevs.com/rubygems/' do
gem 'bootstrap-sass', '3.4.1.bootstrap.sass.3.4.8'
end
Note
Replace USER with bootstrap and NES_ACCESS_TOKEN with your access token.
Configure DOMPurify
DOMPurify is a DOM-only, super-fast, open source, XSS sanitizer for HTML.
HeroDevs strongly recommends that you include DOMPurify as a dependency along with your Bootstrap NES 3.4.5+ packages to provide optimal security protection for your application.
Bootstrap NES 3.4.5 and above will automatically detect DOMPurify and utilize it as needed. For this to happen, DOMPurify must be available on the window object. There are various ways to achieve this depending on your setup.
Option 1
For applications already using Webpacker, jsbundling-rails, or some other JS bundler; install DOMPurify via npm/yarn and expose it on the window object.
Install DOMPurify
yarn add dompurify
# or
npm install dompurify --save
Import DOMPurify
Add the following in your JS entry file (e.g. app/javascript/application.js). Make sure this comes before any Bootstrap imports.
import DOMPurify from "dompurify";
window.DOMPurify = DOMPurify;
Option 2
For applications using Sprockets or vendor assets, use this option.
- Download
purify.min.jsfrom DOMPurify. - Save this file to
vendor/assets/javascripts/dompurify.js. The name change is for simplicity when importing. - Add the following to
app/assets/javascripts/application.js.
//= require dompurify
Make sure this comes before any Bootstrap related require statements.
Option 3
For applications that don't fall into the first two options, you can use a CDN <script> tag.
In app/views/layouts/application.html.erb (or main layout), before the Rails javascript_include_tag, add the following:
<script src="https://cdn.jsdelivr.net/npm/dompurify@3.3.0/dist/purify.min.js"></script>
The version number should be updated to the latest version.
Install
bundle install
Additional Information
Direct Download URLs
The direct download URL for is:
| Gem | URL |
|---|---|
| bootstrap-sass 3.4.1.bootstrap.sass.3.4.8 | Download |