Security question - erb (erubis)

Hi,

I’m tinkering with the idea of providing a client of mine with the
ability to edit pages, using erb. I’ve set up a couple of nice helpers
and things actually work surprisingly well. I’m using render_to_string
mainly.

Questions:

Does this seem totally insane, even if my client and I are the only
ones editing the pages?

Is it possible to limit what classes and methods are called within a
template?

Does anyone know of a set of regexps that would filter out nasty
things like backticks etc.?

Thank you!

Matt
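One way to get the "limit what methods a template can call" property the question asks about, as an added example that is not part of the original post: because ERB hands the template body to the Ruby interpreter, a blocklist of regexps cannot make it safe, so this sketch instead accepts only a tiny `<%= helper 'arg' %>` syntax and dispatches to an explicit allowlist of helpers. The helper names (`page_title`, `link_to`, `image`) and the `ctx` hash are hypothetical stand-ins for whatever the application would expose.

```ruby
# Added example, not from the original post. Rather than evaluating
# user-edited ERB (arbitrary Ruby), parse a restricted tag syntax and
# call only helpers named in an allowlist. Anything else is rejected.
module SafeTemplate
  # Hypothetical helpers a page editor may call; every output is escaped.
  HELPERS = {
    "page_title" => ->(_args, ctx) { escape(ctx.fetch(:title, "")) },
    "link_to"    => ->(args, _ctx) { "<a href=\"#{escape(args[1])}\">#{escape(args[0])}</a>" },
    "image"      => ->(args, _ctx) { "<img src=\"#{escape(args[0])}\">" },
  }.freeze

  # The only accepted tag shape: <%= identifier 'literal', 'literal' %>.
  # Identifiers are lowercase words; arguments are single-quoted strings
  # with no escapes, so no expression, call chain or backtick can appear.
  TAG = /<%=\s*(?<name>[a-z_]+)\s*(?<args>(?:'[^'\\]*'\s*,?\s*)*)%>/
  ARG = /'([^'\\]*)'/

  class ForbiddenCall < StandardError; end

  def self.escape(s)
    s.to_s.gsub("&", "&amp;").gsub("<", "&lt;").gsub(">", "&gt;").gsub('"', "&quot;")
  end

  # Renders +template+; raises ForbiddenCall for any tag that is not a
  # well-formed call to an allowlisted helper (including plain <% %> tags).
  def self.render(template, ctx = {})
    template.gsub(/<%.*?%>/m) do |tag|
      m = TAG.match(tag)
      raise ForbiddenCall, "disallowed tag: #{tag}" unless m && m[0] == tag
      helper = HELPERS[m[:name]] or raise ForbiddenCall, "unknown helper: #{m[:name]}"
      helper.call(m[:args].scan(ARG).flatten, ctx)
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  puts SafeTemplate.render("<h1><%= page_title %></h1> <%= link_to 'Home', '/' %>",
                           title: "Tom & Jerry")
end
```

The point is that safety comes from the allowlist and the grammar, not from spotting bad characters: a tag is either one of the permitted calls or it is refused.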
