Forum: Ruby on Rails Executing Ruby code that is inside a string

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Richard Smith (Guest)
on 2006-01-25 15:57
I would like to put Ruby code inside a string, between <%= %> tags, and
have the code inside the tags executed when the string is displayed.  Is
this possible?
Derrick S. (Guest)
on 2006-01-25 16:07
(Received via mailing list)
Richard,

The <%= %> tag is for the express purpose of executing ruby code.
You do not need to put it inside of a string, simply place the code
in a <%= %> tag and it will be executed before the page is
displayed.  The result of the code is what will be displayed on the
page.

-Derrick
Craig W. (Guest)
on 2006-01-25 16:55
(Received via mailing list)
On Wed, 2006-01-25 at 09:04 -0500, Derrick S. wrote:
> Richard,
>
> The <%= %> tag is for the express purpose of executing ruby code.
> You do not need to put it inside of a string, simply place the code
> in a <%= %> tag and it will be executed before the page is
> displayed.  The result of the code is what will be displayed on the
> page.
----
along these lines...

how do you 'comment' out these lines?

adding

<!--
<% ruby code %>
-->

doesn't work

Craig
Francois P. (Guest)
on 2006-01-25 16:59
(Received via mailing list)
<%# ruby code %>
Richard Smith (Guest)
on 2006-01-25 17:31
Derrick S. wrote:
> Richard,
>
> The <%= %> tag is for the express purpose of executing ruby code.
> You do not need to put it inside of a string, simply place the code
> in a <%= %> tag and it will be executed before the page is
> displayed.  The result of the code is what will be displayed on the
> page.
>
> -Derrick

Yes, that works for static parts of the .rhtml page.  But I have dynamic
content on the page that is coming from the database.  For example, on
my page I may have:


User profile: <%= @user.profile %>


The profile is a string that comes from the database.  It contains HTML
formatting, but HTML alone is not enough to generate links on a Rails
site - I need to the use the link_to() function to generate links.  For
instance, the user's profile may contain:


Hello this is my profile, and this is <%= link_to 'another profile',
:action=>'another'>.


But the code just gets displayed, not executed, because it is inside a
string.

So, to repeat my original question, how can I execute Ruby code that is
inside a string between <%= %> tags?
Jakob S. (Guest)
on 2006-01-25 17:44
(Received via mailing list)
Richard Smith wrote:
> The profile is a string that comes from the database.  It contains HTML
> formatting, but HTML alone is not enough to generate links on a Rails
> site - I need to the use the link_to() function to generate links.

Uhm, no. <a href="/">Click</a> is a perfectly valid link if you've
written it by hand or using the link_to helper. That's what link_to
does, you know; it returns HTML.

> So, to repeat my original question, how can I execute Ruby code that is
> inside a string between <%= %> tags?

<%= eval(string) %>, but you need to reconsider you approach or pray
that no one ever puts stuff like User.destroy_all in their profile.

You probably want to check out textilize or simple_format or any of the
other text to HTML formats. Heck, letting the users input HTML should
work - and since you assume they know Rails code to begin with,
expecting them to know HTML isn't unrealistic.
Alex Y. (Guest)
on 2006-01-25 18:02
(Received via mailing list)
Jakob S. wrote:
> Richard Smith wrote:
>> The profile is a string that comes from the database.  It contains
>> HTML formatting, but HTML alone is not enough to generate links on a
>> Rails site - I need to the use the link_to() function to generate links.
>
> Uhm, no. <a href="/">Click</a> is a perfectly valid link if you've
> written it by hand or using the link_to helper. That's what link_to
> does, you know; it returns HTML.
But <a href="/profile/show/3"> is more information than the user might
have to hand, or should really be expected to know.  Besides,
hard-coding it means that you can't change routing, ever, or all your
links break.

> <%= eval(string) %>, but you need to reconsider you approach or pray
> that no one ever puts stuff like User.destroy_all in their profile.
No need for that.  Actually, it won't work for ERb text.

> You probably want to check out textilize or simple_format or any of the
> other text to HTML formats. Heck, letting the users input HTML should
> work - and since you assume they know Rails code to begin with,
> expecting them to know HTML isn't unrealistic.

Basically, what Richard wants is to use ERb in the database.  This can
be done thus (untested):
   <%= output = ''
	ERb.new(@user.profile, nil, nil, "output").result binding
	output %>

Check here:
http://www.ruby-doc.org/stdlib/libdoc/erb/rdoc/index.html
And look at the safe_level option while you're at it - it's bound to
come in handy.
Jules J. (Guest)
on 2006-01-25 21:40
> No need for that.  Actually, it won't work for ERb text.

<% User.destroy_all %>

Works in a view...

You should check out liquid:

http://home.leetsoft.com/liquid/


Jules
Joe Van D. (Guest)
on 2006-01-25 21:50
(Received via mailing list)
On 1/25/06, Alex Y. <removed_email_address@domain.invalid> wrote:
> have to hand, or should really be expected to know.  Besides,
> hard-coding it means that you can't change routing, ever, or all your
> links break.
>
> > <%= eval(string) %>, but you need to reconsider you approach or pray
> > that no one ever puts stuff like User.destroy_all in their profile.
> No need for that.  Actually, it won't work for ERb text.

Why on earth wouldn't it work?

Joe
Alex Y. (Guest)
on 2006-01-26 00:54
(Received via mailing list)
Jules J. wrote:
>> No need for that.  Actually, it won't work for ERb text.
>
> <% User.destroy_all %>
>
> Works in a view...

Yeah, but neither:

   <%= eval('This is my <%= link_to "other profile", :action => "show",
       :id => @user.profiles.shift %>') %>
nor
   <%= eval('foo bar &amp; flibble <% User.destroy_all %>') %>

would, making the eval() suggestion completely useless in the first
place, which is what I meant.

I know about liquid.  I follow the php-savant school of thought when it
comes to template languages, although I feel an awful lot less violently
sick towards liquid than towards smarty.
Alex Y. (Guest)
on 2006-01-26 00:57
(Received via mailing list)
Joe Van D. wrote:
> On 1/25/06, Alex Y. <removed_email_address@domain.invalid> wrote:
>> Jakob S. wrote:
>>> Richard Smith wrote:
>>> <%= eval(string) %>, but you need to reconsider you approach or pray
>>> that no one ever puts stuff like User.destroy_all in their profile.
>> No need for that.  Actually, it won't work for ERb text.
>
> Why on earth wouldn't it work?
Unless I've misread, the OP has ERb in the database, and wants to use
the link_to function within the context of the database templates.  You
can't just eval() an ERb template, it needs to go through the template
engine.
Joe Van D. (Guest)
on 2006-01-26 02:06
(Received via mailing list)
On 1/25/06, Alex Y. <removed_email_address@domain.invalid> wrote:
> the link_to function within the context of the database templates.  You
> can't just eval() an ERb template, it needs to go through the template
> engine.

Yes, but if a ERb template has User.destroy_all in it, bye bye data.

I think I misread your post anyways.
This topic is locked and can not be replied to.