Executing Ruby code that is inside a string


#1

I would like to put Ruby code inside a string, between <%= %> tags, and
have the code inside the tags executed when the string is displayed. Is
this possible?


#2

Richard,

The <%= %> tag is for the express purpose of executing ruby code.
You do not need to put it inside of a string, simply place the code
in a <%= %> tag and it will be executed before the page is
displayed. The result of the code is what will be displayed on the
page.

-Derrick


#3

On Wed, 2006-01-25 at 09:04 -0500, Derrick S. wrote:

Richard,

The <%= %> tag is for the express purpose of executing ruby code.
You do not need to put it inside of a string, simply place the code
in a <%= %> tag and it will be executed before the page is
displayed. The result of the code is what will be displayed on the
page.


along these lines…

how do you ‘comment’ out these lines?

adding

doesn’t work

Craig


#4

Derrick S. wrote:

Richard,

The <%= %> tag is for the express purpose of executing ruby code.
You do not need to put it inside of a string, simply place the code
in a <%= %> tag and it will be executed before the page is
displayed. The result of the code is what will be displayed on the
page.

-Derrick

Yes, that works for static parts of the .rhtml page. But I have dynamic
content on the page that is coming from the database. For example, on
my page I may have:

User profile: <%= @user.profile %>

The profile is a string that comes from the database. It contains HTML
formatting, but HTML alone is not enough to generate links on a Rails
site - I need to the use the link_to() function to generate links. For
instance, the user’s profile may contain:

Hello this is my profile, and this is <%= link_to ‘another profile’,
:action=>‘another’>.

But the code just gets displayed, not executed, because it is inside a
string.

So, to repeat my original question, how can I execute Ruby code that is
inside a string between <%= %> tags?


#5

<%# ruby code %>


#6

Richard Smith wrote:

The profile is a string that comes from the database. It contains HTML
formatting, but HTML alone is not enough to generate links on a Rails
site - I need to the use the link_to() function to generate links.

Uhm, no. Click is a perfectly valid link if you’ve
written it by hand or using the link_to helper. That’s what link_to
does, you know; it returns HTML.

So, to repeat my original question, how can I execute Ruby code that is
inside a string between <%= %> tags?

<%= eval(string) %>, but you need to reconsider you approach or pray
that no one ever puts stuff like User.destroy_all in their profile.

You probably want to check out textilize or simple_format or any of the
other text to HTML formats. Heck, letting the users input HTML should
work - and since you assume they know Rails code to begin with,
expecting them to know HTML isn’t unrealistic.


#7

Jakob S. wrote:

Richard Smith wrote:

The profile is a string that comes from the database. It contains
HTML formatting, but HTML alone is not enough to generate links on a
Rails site - I need to the use the link_to() function to generate links.

Uhm, no. Click is a perfectly valid link if you’ve
written it by hand or using the link_to helper. That’s what link_to
does, you know; it returns HTML.
But is more information than the user might
have to hand, or should really be expected to know. Besides,
hard-coding it means that you can’t change routing, ever, or all your
links break.

<%= eval(string) %>, but you need to reconsider you approach or pray
that no one ever puts stuff like User.destroy_all in their profile.
No need for that. Actually, it won’t work for ERb text.

You probably want to check out textilize or simple_format or any of the
other text to HTML formats. Heck, letting the users input HTML should
work - and since you assume they know Rails code to begin with,
expecting them to know HTML isn’t unrealistic.

Basically, what Richard wants is to use ERb in the database. This can
be done thus (untested):
<%= output = ‘’
ERb.new(@user.profile, nil, nil, “output”).result binding
output %>

Check here:
http://www.ruby-doc.org/stdlib/libdoc/erb/rdoc/index.html
And look at the safe_level option while you’re at it - it’s bound to
come in handy.


#8

On 1/25/06, Alex Y. removed_email_address@domain.invalid wrote:

have to hand, or should really be expected to know. Besides,
hard-coding it means that you can’t change routing, ever, or all your
links break.

<%= eval(string) %>, but you need to reconsider you approach or pray
that no one ever puts stuff like User.destroy_all in their profile.
No need for that. Actually, it won’t work for ERb text.

Why on earth wouldn’t it work?

Joe


#9

Jules J. wrote:

No need for that. Actually, it won’t work for ERb text.

<% User.destroy_all %>

Works in a view…

Yeah, but neither:

<%= eval(‘This is my <%= link_to “other profile”, :action => “show”,
:id => @user.profiles.shift %>’) %>
nor
<%= eval(‘foo bar & flibble <% User.destroy_all %>’) %>

would, making the eval() suggestion completely useless in the first
place, which is what I meant.

I know about liquid. I follow the php-savant school of thought when it
comes to template languages, although I feel an awful lot less violently
sick towards liquid than towards smarty.


#10

No need for that. Actually, it won’t work for ERb text.

<% User.destroy_all %>

Works in a view…

You should check out liquid:

http://home.leetsoft.com/liquid/

Jules


#11

Joe Van D. wrote:

On 1/25/06, Alex Y. removed_email_address@domain.invalid wrote:

Jakob S. wrote:

Richard Smith wrote:
<%= eval(string) %>, but you need to reconsider you approach or pray
that no one ever puts stuff like User.destroy_all in their profile.
No need for that. Actually, it won’t work for ERb text.

Why on earth wouldn’t it work?
Unless I’ve misread, the OP has ERb in the database, and wants to use
the link_to function within the context of the database templates. You
can’t just eval() an ERb template, it needs to go through the template
engine.


#12

On 1/25/06, Alex Y. removed_email_address@domain.invalid wrote:

the link_to function within the context of the database templates. You
can’t just eval() an ERb template, it needs to go through the template
engine.

Yes, but if a ERb template has User.destroy_all in it, bye bye data.

I think I misread your post anyways.