Erb question

I currently have a page controller that gets HTML content from the DB
and then renders it. Is there a way to use ERB to preprocess the
HTML and make it rhtml? allowing me to post more dynamic content…

spokra wrote:

I currently have a page controller that gets HTML content from the DB
and then renders it. Is there a way to use ERB to preprocess the
HTML and make it rhtml?

I suppose so, but this is a bad idea from a security point of view.
It’s too easy for someone to put into the DB a malicious piece of ERb
code, say, something like

This is a malicious page!

<% User.delete_all %>

allowing me to post more dynamic content…

There are better ways to do this. Can you explain more about your
application?

Best,

Marnen Laibow-Koser
http://www.marnen.org
[email protected]

the page controller is only accessible to admins for one…

I’d like to be able to create pages on the fly that include blog
posting, news events, top stories, and I don’t want to be changing the
view files all the time. I guess I could make one page for each page
type like the home page that include what I want…

I guess the quick way to explain what I’m trying to do is make a CMS
that is ERB aware

On Oct 1, 1:45 pm, Marnen Laibow-Koser <rails-mailing-l…@andreas-

spokra wrote:

the page controller is only accessible to admins for one.

That’s kind of weak security when coupled with such a dangerous idea.

I’d like to be able to create pages on the fly that include blog
posting, news events, top stories, and I don’t want to be changing the
view files all the time. I guess I could make one page for each page
type like the home page that include what I want…

I guess the quick way to explain what I’m trying to do is make a CMS
that is ERB aware

Again, bad idea. Most CMSs include some form of template language that
will do what you want (for example, Radius within the Radiant CMS), but
by design, these languages never have all the features of ERb –
specifically, they can’t execute arbitrary Ruby code. And that’s the
way it should be.

With that in mind, then, why not give a CMS like Radiant a try?

Best,

Marnen Laibow-Koser
http://www.marnen.org
[email protected]
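
The contrast discussed in this thread, as an added example that is not code from the thread, from Radiant or from Radius: stored page content rendered through ERB versus through a renderer that only expands an allowlist of placeholder tags. The `{{ name }}` syntax, the tag names and the sample page are assumptions constructed for illustration.

```ruby
require "erb"

# Constructed sample of page content as an editor might store it in the DB.
# The ERB tag only sets a marker; it stands in for any Ruby an editor could write.
STORED_PAGE = <<~HTML
  <h1>News</h1>
  <% $erb_code_ran = true %>
  {{ top_stories }}
  {{ delete_everything }}
HTML

# Unsafe: ERB evaluates every <% %> block in the stored content as Ruby.
def render_with_erb(content)
  ERB.new(content).result(binding)
end

# Hypothetical allowlist: the only things an editor can ask for, each backed
# by code the developers wrote and reviewed.
ALLOWED_TAGS = {
  "top_stories" => -> { "<ul><li>Story A</li><li>Story B</li></ul>" },
  "site_name"   => -> { "Example Site" }
}.freeze

# Restricted: stored content is treated as data. ERB markers are neutralised,
# known {{ tag }} placeholders are expanded, unknown ones are dropped.
def render_with_tags(content)
  inert = content.gsub("<%", "&lt;%")
  inert.gsub(/\{\{\s*(\w+)\s*\}\}/) do
    handler = ALLOWED_TAGS[Regexp.last_match(1)]
    handler ? handler.call : ""
  end
end

if __FILE__ == $PROGRAM_NAME
  $erb_code_ran = false
  puts render_with_tags(STORED_PAGE)
  puts "Ruby executed by tag renderer? #{$erb_code_ran}"
  render_with_erb(STORED_PAGE)
  puts "Ruby executed by ERB?          #{$erb_code_ran}"
end
```

With the tag renderer, new page features are added by registering another handler in the allowlist rather than by giving editors a Ruby interpreter.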
