Use a string as template for mail body


#1

I want to allow users to create mail templates through an administration
page. I store the email body as text in the database, and now I want to
take the string, and treat it like an email template and send as mail.

So for instance, if something like this is in the database:

email_templates id | text 1 | Hello #{@user.name}! This is an email ...

Then I’d like to do this:

template = EmailTemplate.find(1) user = User.find(1) MyMailer.deliver_some_mail(template.text, user)

…and

class MyMailer < ActionMailer::Base def some_mail(template, user) subject "..." recipient "removed_email_address@domain.invalid" # ...
body string_template(template, :user => user)

end
end

Is it possible? If so, how?


#2

While this is pretty easy with the ERB library and its rendering, it’s
also
very dangerous. You’ll need to build a whitelist of what you’ll let them
do.

“Hello #{User.delete_all}”

Never let anyone arbitrarily monkey with your code or data.
Instead, make your own parser or look at how some of the CMS tools like
Radiant do things like this.

On Tue, Oct 14, 2008 at 3:46 PM, Christian J. <


#3

Brian H. wrote:

While this is pretty easy with the ERB library and its rendering, it’s
also
very dangerous. You’ll need to build a whitelist of what you’ll let them
do.

“Hello #{User.delete_all}”

Never let anyone arbitrarily monkey with your code or data.
Instead, make your own parser or look at how some of the CMS tools like
Radiant do things like this.

On Tue, Oct 14, 2008 at 3:46 PM, Christian J. <

Yup, I’m very aware of the safety implications. Basically this will be
available to people who have access to the code as well, but it makes
this task a bit easier. I’ll look up simpler parsing that’ll just allow
for looking up properties on a single object or something like that.
Thanks!


#4

On 14 Oct 2008, at 22:29, Christian J. wrote:

this task a bit easier. I’ll look up simpler parsing that’ll just
allow
for looking up properties on a single object or something like that.
Thanks!

For what it’s worth, something like

@body = render :inline => some_string, :body => {}

would do it.

Fred


#5

On Tue, Oct 14, 2008 at 2:29 PM, Christian J.
removed_email_address@domain.invalid wrote:

Yup, I’m very aware of the safety implications. Basically this will be
available to people who have access to the code as well, but it makes
this task a bit easier. I’ll look up simpler parsing that’ll just allow
for looking up properties on a single object or something like that.

http://www.liquidmarkup.org

~ j.


#6

John B. wrote:

On Tue, Oct 14, 2008 at 2:29 PM, Christian J.
removed_email_address@domain.invalid wrote:

Yup, I’m very aware of the safety implications. Basically this will be
available to people who have access to the code as well, but it makes
this task a bit easier. I’ll look up simpler parsing that’ll just allow
for looking up properties on a single object or something like that.

http://www.liquidmarkup.org

~ j.

Thanks, this looks very interesting!


#7

Christian J. wrote:

John B. wrote:

On Tue, Oct 14, 2008 at 2:29 PM, Christian J.
removed_email_address@domain.invalid wrote:

Yup, I’m very aware of the safety implications. Basically this will be
available to people who have access to the code as well, but it makes
this task a bit easier. I’ll look up simpler parsing that’ll just allow
for looking up properties on a single object or something like that.

http://www.liquidmarkup.org

~ j.

Thanks, this looks very interesting!

Played around with it a little bit, and man, this is perfect for what I
needed. Very cool!