Hi, I am currently developing a small cms in Rails. I decided recently that I need to store both the content and the presentation template in the database for flexibility. The system is based heavily on content blocks and I need different templates for the same content block in different contexts. Anyone has a good advice on how to solve that technically? I now how to render a erb template inline, but how do I solve things like protecting some methods on objects like "destroy" and so on. I have looked into other template languages that offer some degree of protection like Radius and Liquid, but I like the fact that ERB is bundled with Ruby and Rails already uses it, why reinvent the wheel. Cheers Fredrik
on 2009-03-18 19:38
on 2009-03-19 07:10
I see what you are saying but question that by storing erb templates in the DB would eventually become less flexible at some point in the future?? I can see why it could and why it couldn't... Would not using partials separated into directories by namespace's not work? I guess this depends on how many templates you are looking at..., have you tried a protoype of a db driven one? What were your results? You could always have the DB output to files in the rails system on demand? Maybe you write a model that doesn't write to DB but instead outputs to create the ERB files in the rails application's view folder... Sorry maybe not so much help, but if it was me I would try the last option... I would also try and avoid the need for this as much as possible by good usage of layouts and css which I am currently using on a CMS system...
on 2009-03-19 12:45
On Mar 18, 5:24 pm, fredd <firstname.lastname@example.org> wrote: > wheel. Because erb is not designed to be safe and liquid is. You'll have a really hard time preventing people doing bad stuff from erb. I've never really seen rails up use ruby's safe levels and at least for C ruby there's not really a production ready sandbox that you could use. Why reinvent the wheel trying to make erb safe when people have already come up with things like liquid ? Fred
on 2009-03-24 19:40
Thanks for the replies! I am slow to respond due to vacation and stuff:) It defenently sounds like a good idea to have the model output erb- templates into the file system, I will look into that. But maybe ERB is not safe to use at all if you want the users to alter the templates on the fly (like in my cms). I think I have to look into Liquid and Radius a bit more. The thing I have against it though is that you have to re-implement common view helpers. I also think it's quite hard to do control structures in these languages.
on 2009-07-08 15:15
I've been looking in to rendering safe templates recently. There are a few options I have been exploring... 1.) JRuby Sandbox - There is a recent video presentation knocking about that is worth checking (I couldn't find it via Google) 2.) Safemode http://github.com/svenfuchs/safemode/tree/master - I recently spoke to Sven and he is picking the project back up shortly Personally I would like to allow designers to FTP up templates which are rendered in a safe manner. PS. My email address has changed add a dot between first/last names.