Can Rails have views with restricted execution?

Is there a restricted execution solution that works with ERb or any
other Rails templating format?

I’m writing a CMS and would like to allow my users to execute a very
limited set of methods. Specifically, I’d like to allow them to call a
predefined set of methods on a predefined object. They can specify any
of the core datatypes - strings, numbers, arrays, hashes - as arguments.

Any way to do that in Rails?

Thanks in advance,
Maurice B. Gladwell

Sounds like Liquid templating engine is what you are looking for:

http://home.leetsoft.com/liquid

Thanks a lot, Liquid almost cuts it… but not quite. The most
powerful tool in the Liquid set is Liquid Drops.

"Liquid Drops [1]

Drops let you provide the user with custom functionality. They’re very
much like a standard Ruby class, but have all un-needed and potentially
dangerous methods removed. From the user’s perspective a drop acts
very much like a Hash, though methods are accessed with dot-notation
as well as element selection. A drop method cannot be invoked with
arguments. Drops are called just-in-time thus allowing you to lazily
load objects."

Problem is… I need to invoke them with (core data-types) arguments.

I’ll keep looking.

M.

[1] http://home.leetsoft.com/liquid/wiki/HowTo#LiquidDrops

Radiant uses a tag based one called Radius or something? There’s also
HAML, but I’m not sure it’s “safe” like Liquid or Radius. Other than
that, you’re on your own…


Rick O.
http://lighthouseapp.com
http://weblog.techno-weenie.net
http://mephistoblog.com

Thanks Rick,

I’ve looked at Radius[1], and it’s much more powerful and suited to my
needs than Liquid. Though to be fair, they have different design goals,
with Liquid apparently more end-user oriented.

The only thing Radius lacks is typed-arguments: all Radius arguments are
Strings.

Haven’t looked at HAML yet, though I suspect - as you did - that it lacks
any sort of security layer, being a full-power ERb alternative.

Generally I like Radius as a format a lot, even as something to learn
from and improve on, so thanks for recommending it.

M.

[1] http://radius.rubyforge.org/

[1] http://radiantcms.org/blog/archives/2006/09/18/how-to-understanding-radius-tags/
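
An added example, not code from any poster in this thread and not part of Liquid or Radius: one way to get the behaviour asked for in the original question, where templates may call only an allowlisted set of methods on one predefined object and arguments are typed core values. The `{% name args %}` tag syntax and the `SiteHelper` and `RestrictedTemplate` names are assumptions made for illustration; arguments are parsed as JSON literals, so they are never evaluated as Ruby.

```ruby
require 'json'
require 'erb'

# Hypothetical CMS object exposed to templates (names are assumptions).
class SiteHelper
  def greet(name)
    "Hello, #{name}!"
  end

  def total(numbers)
    numbers.sum
  end

  def lookup(table, key)
    table.fetch(key)
  end

  # Public in Ruby, but not allowlisted below, so templates cannot call it.
  def secret_key
    "constructed-secret"
  end
end

class RestrictedTemplate
  class Denied < StandardError; end

  # Assumed tag form: {% method_name json_arg, json_arg, ... %}
  TAG = /\{%\s*([a-z_][a-z0-9_]*)\s*(.*?)\s*%\}/m

  def initialize(target, allowed)
    @target  = target
    @allowed = allowed.map(&:to_s).freeze
  end

  def render(source)
    source.gsub(TAG) do
      name, raw = Regexp.last_match(1), Regexp.last_match(2)
      # Exact-match allowlist: send, instance_eval and friends are never reachable.
      raise Denied, "method not allowed: #{name}" unless @allowed.include?(name)
      ERB::Util.html_escape(@target.public_send(name, *parse_args(raw)).to_s)
    end
  end

  private

  # A JSON list can only yield String, Integer, Float, Array, Hash, true, false, nil.
  def parse_args(raw)
    JSON.parse("[#{raw}]", create_additions: false)
  rescue JSON::ParserError
    raise Denied, "arguments must be JSON literals: #{raw}"
  end
end
```

Anything that is not a well-formed tag is left in the output as literal text, and a disallowed method or a non-literal argument aborts rendering with `RestrictedTemplate::Denied` rather than being skipped.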