Hello,
I’m building a system that will allow users to modify layouts. Is there
a way to securely use ERB, or will I need to use a different template
engine such as Liquid?
I would prefer to use ERB, but haven’t found a way to allow people to
modify the templates without having access to running malicious code.
Any input would be helpful.
Thanks!
Since ERB allows you to call any Ruby code, including calls to the
database, or even system calls, I think that wouldn't be a great idea
for user templates.
On May 27, 2:31 pm, Nate L.
You will need to use a different templating language such as Liquid.
–
Appreciated my help?
Recommend me on Working With Rails
http://workingwithrails.com/person/11030-ryan-bigg
Ryan B. wrote:
You will need to use a different templating language such as Liquid.
Yep. This was the need Liquid was made for. Every Shopify store uses
Liquid, and most of them look fantastic.
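
The difference the replies describe, as an added example that is not part of the original thread: ERB runs whatever Ruby a template contains, while a lookup-only renderer can only substitute values the application hands it. `APP_SECRET`, `render_erb`, `render_restricted` and the `{{ name }}` tag handling are hypothetical stand-ins built on the standard library; they are not Liquid's API.

```ruby
require "erb"

# Constructed stand-in for application state a user layout must never reach.
APP_SECRET = "constructed-secret-value"

# ERB compiles the template to Ruby and runs it, so user-supplied template
# text executes with the full privileges of the process.
def render_erb(template, vars)
  ERB.new(template).result_with_hash(vars)
end

# Hypothetical logic-less tag syntax: {{ name }} and nothing else.
TAG = /\{\{\s*([a-z_][a-z0-9_]*)\s*\}\}/i

# A tag is only ever a Hash lookup against values the application chose to
# expose. Nothing in the template text is evaluated as Ruby, and substituted
# values are HTML-escaped before they reach the page.
def render_restricted(template, vars)
  allowed = vars.transform_keys(&:to_s)
  template.gsub(TAG) do
    name = Regexp.last_match(1)
    raise ArgumentError, "unknown variable: #{name}" unless allowed.key?(name)
    ERB::Util.html_escape(allowed[name].to_s)
  end
end

if __FILE__ == $PROGRAM_NAME
  vars = { title: "My Shop" }
  # Constructed user-supplied layouts: each tries to read APP_SECRET.
  puts render_erb("<h1><%= title %></h1><%= APP_SECRET %>", vars)
  puts render_restricted("<h1>{{ title }}</h1><%= APP_SECRET %>", vars)
end
```

The ERB call prints the secret; the restricted renderer leaves the `<%= ... %>` text inert and fails closed on any variable it was not given.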