ERB templates in the database

Hi, I am currently developing a small cms in Rails. I decided recently
that I need to store both the content and the presentation template in
the database for flexibility. The system is based heavily on content
blocks and I need different templates for the same content block in
different contexts. Anyone has a good advice on how to solve that
technically? I now how to render a erb template inline, but how do I
solve things like protecting some methods on objects like “destroy”
and so on. I have looked into other template languages that offer some
degree of protection like Radius and Liquid, but I like the fact that
ERB is bundled with Ruby and Rails already uses it, why reinvent the


I see what you are saying but question that by storing erb templates
in the DB would eventually become less flexible at some point in the

I can see why it could and why it couldn’t…

Would not using partials separated into directories by namespace’s not

I guess this depends on how many templates you are looking at…, have
you tried a protoype of a db driven one? What were your results?

You could always have the DB output to files in the rails system on
demand? Maybe you write a model that doesn’t write to DB but instead
outputs to create the ERB files in the rails application’s view

Sorry maybe not so much help, but if it was me I would try the last

I would also try and avoid the need for this as much as possible by
good usage of layouts and css which I am currently using on a CMS

On Mar 18, 5:24 pm, fredd [email protected] wrote:

Because erb is not designed to be safe and liquid is. You’ll have a
really hard time preventing people doing bad stuff from erb. I’ve
never really seen rails up use ruby’s safe levels and at least for C
ruby there’s not really a production ready sandbox that you could use.
Why reinvent the wheel trying to make erb safe when people have
already come up with things like liquid ?


I’ve been looking in to rendering safe templates recently. There are a
few options I have been exploring…

1.) JRuby Sandbox

  • There is a recent video presentation knocking about that is worth
    checking (I couldn’t find it via Google)

2.) Safemode

  • I recently spoke to Sven and he is picking the project back up shortly

Personally I would like to allow designers to FTP up templates which are
rendered in a safe manner.

PS. My email address has changed add a dot between first/last names.

Thanks for the replies! I am slow to respond due to vacation and

It defenently sounds like a good idea to have the model output erb-
templates into the file system, I will look into that. But maybe ERB
is not safe to use at all if you want the users to alter the templates
on the fly (like in my cms). I think I have to look into Liquid and
Radius a bit more. The thing I have against it though is that you have
to re-implement common view helpers. I also think it’s quite hard to
do control structures in these languages.

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs