Forum: Ruby on Rails Use a string as template for mail body

Christian J. (Guest)
on 2008-10-15 00:46
I want to allow users to create mail templates through an administration
page. I store the email body as text in the database, and now I want to
take the string, and treat it like an email template and send as mail.

So for instance, if something like this is in the database:

<code>
email_templates
id | text
 1 | Hello #{@user.name}! This is an email
...
</code>

Then I'd like to do this:

<code>
template = EmailTemplate.find(1)
user = User.find(1)
MyMailer.deliver_some_mail(template.text, user)
</code>

...and

<code>
class MyMailer < ActionMailer::Base
  def some_mail(template, user)
    subject "..."
    recipients "removed_email_address@domain.invalid"
    # ...

    body string_template(template, :user => user)
  end
end
</code>

Is it possible? If so, how?
Brian H. (Guest)
on 2008-10-15 01:24
(Received via mailing list)
While this is pretty easy with the ERB library and its rendering, it's also
very dangerous. You'll need to build a whitelist of what you'll let them do.

"Hello #{User.delete_all}"

Never let anyone arbitrarily monkey with your code or data.
Instead, make your own parser or look at how some of the CMS tools like
Radiant do things like this.
Christian J. (Guest)
on 2008-10-15 01:29
Brian H. wrote:
> While this is pretty easy with the ERB library and its rendering, it's also
> very dangerous. You'll need to build a whitelist of what you'll let them do.
>
> "Hello #{User.delete_all}"
>
> Never let anyone arbitrarily monkey with your code or data.
> Instead, make your own parser or look at how some of the CMS tools like
> Radiant do things like this.

Yup, I'm very aware of the safety implications. Basically this will be
available to people who have access to the code as well, but it makes
this task a bit easier. I'll look up simpler parsing that'll just allow
for looking up properties on a single object or something like that.
Thanks!
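
The restricted lookup described in the post above (properties on a single object, nothing else), as an added example that is not part of the thread or of any library mentioned in it. The `{{object.attribute}}` placeholder syntax and the names `SafeTemplate`, `ALLOWED` and `DemoUser` are assumptions made for illustration.

```ruby
# Added example, not code from the thread. SafeTemplate, ALLOWED, DemoUser and
# the {{object.attribute}} placeholder syntax are assumptions for illustration.
module SafeTemplate
  # The only object/attribute pairs a stored template may reference.
  ALLOWED = { "user" => %w[name email] }.freeze
  PLACEHOLDER = /\{\{\s*(\w+)\.(\w+)\s*\}\}/

  class UnknownPlaceholder < StandardError; end

  # Substitutes allowlisted placeholders. The template is treated as data:
  # nothing in it is evaluated, so "#{...}" and "<%= ... %>" stay literal text.
  def self.render(template, objects)
    template.gsub(PLACEHOLDER) do
      name, attr = Regexp.last_match(1), Regexp.last_match(2)
      # Fail closed: any placeholder outside the allowlist aborts rendering.
      unless objects.key?(name) && ALLOWED.fetch(name, []).include?(attr)
        raise UnknownPlaceholder, "#{name}.#{attr} is not permitted"
      end
      # Safe to dispatch: attr is one of the fixed strings in ALLOWED.
      objects[name].public_send(attr).to_s
    end
  end
end

# Constructed sample record standing in for the application's user model.
DemoUser = Struct.new(:name, :email, :password_hash)

if __FILE__ == $PROGRAM_NAME
  user = DemoUser.new("Ann", "ann@example.invalid", "constructed-hash")
  puts SafeTemplate.render("Hello {{user.name}}! This is an email", { "user" => user })
  puts SafeTemplate.render('Hello #{User.delete_all}', { "user" => user })
end
```

Substituted values are not rescanned, so a stored name that itself contains a placeholder is emitted as plain text.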
John B. (Guest)
on 2008-10-15 01:33
(Received via mailing list)
On Tue, Oct 14, 2008 at 2:29 PM, Christian J.
<removed_email_address@domain.invalid> wrote:
> Yup, I'm very aware of the safety implications. Basically this will be
> available to people who have access to the code as well, but it makes
> this task a bit easier. I'll look up simpler parsing that'll just allow
> for looking up properties on a single object or something like that.

http://www.liquidmarkup.org


~ j.
Frederick C. (Guest)
on 2008-10-15 01:41
(Received via mailing list)
On 14 Oct 2008, at 22:29, Christian J. wrote:

>>
> this task a bit easier. I'll look up simpler parsing that'll just
> allow
> for looking up properties on a single object or something like that.
> Thanks!

For what it's worth, something like

<code>
@body = render :inline => some_string, :body => {}
</code>

would do it.

Fred
Christian J. (Guest)
on 2008-10-15 02:27
John B. wrote:
> On Tue, Oct 14, 2008 at 2:29 PM, Christian J.
> <removed_email_address@domain.invalid> wrote:
>> Yup, I'm very aware of the safety implications. Basically this will be
>> available to people who have access to the code as well, but it makes
>> this task a bit easier. I'll look up simpler parsing that'll just allow
>> for looking up properties on a single object or something like that.
>
> http://www.liquidmarkup.org
>
>
> ~ j.

Thanks, this looks very interesting!
Christian J. (Guest)
on 2008-10-15 15:52
Christian J. wrote:
> John B. wrote:
>> On Tue, Oct 14, 2008 at 2:29 PM, Christian J.
>> <removed_email_address@domain.invalid> wrote:
>>> Yup, I'm very aware of the safety implications. Basically this will be
>>> available to people who have access to the code as well, but it makes
>>> this task a bit easier. I'll look up simpler parsing that'll just allow
>>> for looking up properties on a single object or something like that.
>>
>> http://www.liquidmarkup.org
>>
>>
>> ~ j.
>
> Thanks, this looks very interesting!

Played around with it a little bit, and man, this is perfect for what I
needed. Very cool!