Hi, I am currently developing a small cms in Rails. I decided recently
that I need to store both the content and the presentation template in
the database for flexibility. The system is based heavily on content
blocks and I need different templates for the same content block in
different contexts. Anyone has a good advice on how to solve that
technically? I now how to render a erb template inline, but how do I
solve things like protecting some methods on objects like “destroy”
and so on. I have looked into other template languages that offer some
degree of protection like Radius and Liquid, but I like the fact that
ERB is bundled with Ruby and Rails already uses it, why reinvent the
wheel.
I see what you are saying but question that by storing erb templates
in the DB would eventually become less flexible at some point in the
future??
I can see why it could and why it couldn’t…
Would not using partials separated into directories by namespace’s not
work?
I guess this depends on how many templates you are looking at…, have
you tried a protoype of a db driven one? What were your results?
You could always have the DB output to files in the rails system on
demand? Maybe you write a model that doesn’t write to DB but instead
outputs to create the ERB files in the rails application’s view
folder…
Sorry maybe not so much help, but if it was me I would try the last
option…
I would also try and avoid the need for this as much as possible by
good usage of layouts and css which I am currently using on a CMS
system…
wheel.
Because erb is not designed to be safe and liquid is. You’ll have a
really hard time preventing people doing bad stuff from erb. I’ve
never really seen rails up use ruby’s safe levels and at least for C
ruby there’s not really a production ready sandbox that you could use.
Why reinvent the wheel trying to make erb safe when people have
already come up with things like liquid ?
Thanks for the replies! I am slow to respond due to vacation and
stuff:)
It defenently sounds like a good idea to have the model output erb-
templates into the file system, I will look into that. But maybe ERB
is not safe to use at all if you want the users to alter the templates
on the fly (like in my cms). I think I have to look into Liquid and
Radius a bit more. The thing I have against it though is that you have
to re-implement common view helpers. I also think it’s quite hard to
do control structures in these languages.
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.