Is there a restricted execution solution that works with ERb or any
other Rails templating format?
I’m writing a CMS and would like to allow my users to execute a very
limited set of methods. Specifically, I’d like to allow them to call a
predefined set of methods on a predefined object. They can specify any
of the core datatypes - strings, numbers, arrays, hashes - as arguments.
Any way to do that in Rails?
Thanks in advance,
Maurice B. Gladwell
Sounds like Liquid templating engine is what you are looking for:
http://home.leetsoft.com/liquid
Thanks a lot, Liquid almost cuts it… but not quite. The most
powerful tool in the Liquid set is Liquid Drops.
"Liquid Drops [1]
Drops let you provide the user with custom functionality. They’re very
much like a standard Ruby class, but have all un-needed and potentially
dangerous methods removed. From the user’s perspective a drop acts
very much like a Hash, though methods are accessed with dot-notation
as well as element selection. A drop method cannot be invoked with
arguments. Drops are called just-in-time thus allowing you to lazily
load objects."
Problem is… I need to invoke them with (core data-types) arguments.
I’ll keep looking.
M.
[1] http://home.leetsoft.com/liquid/wiki/HowTo#LiquidDrops
> Problem is… I need to invoke them with (core data-types) arguments.
Radiant uses a tag based one called Radius or something? There’s also
HAML, but I’m not sure it’s “safe” like liquid or radius. Other than
that, you’re on your own…
–
Rick O.
http://lighthouseapp.com
http://weblog.techno-weenie.net
http://mephistoblog.com
Thanks Rick,
I’ve looked at Radius[1], and it’s much more powerful and suited to my
needs than Liquid. Though to be fair, they have different design goals,
with Liquid apparently more end-user oriented.
The only thing Radius lacks is typed-arguments: all Radius arguments are
Strings.
Haven’t looked at HAML yet, though I suspect - as you did - that it lacks
any sort of security layer, being a full-power ERb alternative.
Generally I like Radius as a format a lot, even as something to learn
from and improve on, so thanks for recommending it.
M.
[1] http://radius.rubyforge.org/
[1] http://radiantcms.org/blog/archives/2006/09/18/how-to-understanding-radius-tags/
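The requirement from the original question (a fixed set of methods on one object, called with string, number, array and hash arguments) can be met without evaluating any Ruby: parse the arguments as JSON literals and dispatch through an explicit allowlist. This is an added example, not code from the thread, Liquid or Radius; `PageHelper`, `RestrictedTemplate`, the `<%= name args %>` tag syntax and the method names are assumptions.

```ruby
require 'json'

# Hypothetical object exposed to template authors (all names are assumptions).
class PageHelper
  def price(amount, currency)
    format('%.2f %s', amount, currency)
  end

  def list(items, opts = {})
    items.join(opts.fetch('sep', ', '))
  end

  def secret
    'internal'
  end
end

# Renders <%= method arg, arg %> tags without ever calling eval or ERB.
class RestrictedTemplate
  Error = Class.new(StandardError)
  TAG   = /<%=\s*(.*?)\s*%>/m
  CALL  = /\A([a-z_]\w*)\s*(.*)\z/m

  def initialize(target, allowed)
    @target  = target
    @allowed = allowed.map(&:to_s).freeze # explicit allowlist, never public_methods
  end

  def render(source)
    source.gsub(TAG) { invoke(Regexp.last_match(1)) }
  end

  private

  def invoke(body)
    call = CALL.match(body) || raise(Error, "malformed tag: #{body}")
    name, raw_args = call[1], call[2]
    raise Error, "method not allowed: #{name}" unless @allowed.include?(name)

    # JSON yields only strings, numbers, arrays, hashes, true/false/nil, so
    # anything that is not a literal (`.class`, a nested call) fails to parse.
    args = JSON.parse("[#{raw_args}]")
    @target.public_send(name, *args).to_s
  rescue JSON::ParserError
    raise Error, "arguments must be literals: #{body}"
  end
end
```

Hash arguments arrive with string keys, and a tag whose string argument contains `%>` is rejected rather than rendered.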