Forum: Ruby on Rails Use a string as template for mail body

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
5ca17be18ed84b27dc0d9062216e2da8?d=identicon&s=25 Christian Johansen (chrisjoha)
on 2008-10-14 22:46
I want to allow users to create mail templates through an administration
page. I store the email body as text in the database, and now I want to
take the string, and treat it like an email template and send as mail.

So for instance, if something like this is in the database:

<code>
email_templates
id | text
 1 | Hello #{@user.name}! This is an email
...
</code>

Then I'd like to do this:

<code>
template = EmailTemplate.find(1)
user = User.find(1)
MyMailer.deliver_some_mail(template.text, user)
</code>

...and

<code>
class MyMailer < ActionMailer::Base
  def some_mail(template, user)
    subject "..."
    recipient "me@myself.com"
    # ...

    body string_template(template, :user => user)
  end
end
</code>

Is it possible? If so, how?
6ef8cb7cd7cd58077f0b57e4fa49a969?d=identicon&s=25 Brian Hogan (Guest)
on 2008-10-14 23:24
(Received via mailing list)
While this is pretty easy with the ERB library and its rendering, it's
also
very dangerous. You'll need to build a whitelist of what you'll let them
do.

"Hello #{User.delete_all}"

Never let anyone arbitrarily monkey with your code or data.
Instead, make your own parser or look at how some of the CMS tools like
Radiant do things like this.


On Tue, Oct 14, 2008 at 3:46 PM, Christian Johansen <
5ca17be18ed84b27dc0d9062216e2da8?d=identicon&s=25 Christian Johansen (chrisjoha)
on 2008-10-14 23:29
Brian Hogan wrote:
> While this is pretty easy with the ERB library and its rendering, it's
> also
> very dangerous. You'll need to build a whitelist of what you'll let them
> do.
>
> "Hello #{User.delete_all}"
>
> Never let anyone arbitrarily monkey with your code or data.
> Instead, make your own parser or look at how some of the CMS tools like
> Radiant do things like this.
>
>
> On Tue, Oct 14, 2008 at 3:46 PM, Christian Johansen <

Yup, I'm very aware of the safety implications. Basically this will be
available to people who have access to the code as well, but it makes
this task a bit easier. I'll look up simpler parsing that'll just allow
for looking up properties on a single object or something like that.
Thanks!
C237cf537a06b60921c97804679e3b15?d=identicon&s=25 John Barnette (Guest)
on 2008-10-14 23:33
(Received via mailing list)
On Tue, Oct 14, 2008 at 2:29 PM, Christian Johansen
<rails-mailing-list@andreas-s.net> wrote:
> Yup, I'm very aware of the safety implications. Basically this will be
> available to people who have access to the code as well, but it makes
> this task a bit easier. I'll look up simpler parsing that'll just allow
> for looking up properties on a single object or something like that.

http://www.liquidmarkup.org


~ j.
81b61875e41eaa58887543635d556fca?d=identicon&s=25 Frederick Cheung (Guest)
on 2008-10-14 23:41
(Received via mailing list)
On 14 Oct 2008, at 22:29, Christian Johansen wrote:

>>
> this task a bit easier. I'll look up simpler parsing that'll just
> allow
> for looking up properties on a single object or something like that.
> Thanks!

For what it's worth, something like

@body = render :inline => some_string, :body => {}

would do it.

Fred
5ca17be18ed84b27dc0d9062216e2da8?d=identicon&s=25 Christian Johansen (chrisjoha)
on 2008-10-15 00:27
John Barnette wrote:
> On Tue, Oct 14, 2008 at 2:29 PM, Christian Johansen
> <rails-mailing-list@andreas-s.net> wrote:
>> Yup, I'm very aware of the safety implications. Basically this will be
>> available to people who have access to the code as well, but it makes
>> this task a bit easier. I'll look up simpler parsing that'll just allow
>> for looking up properties on a single object or something like that.
>
> http://www.liquidmarkup.org
>
>
> ~ j.

Thanks, this looks very interesting!
5ca17be18ed84b27dc0d9062216e2da8?d=identicon&s=25 Christian Johansen (chrisjoha)
on 2008-10-15 13:52
Christian Johansen wrote:
> John Barnette wrote:
>> On Tue, Oct 14, 2008 at 2:29 PM, Christian Johansen
>> <rails-mailing-list@andreas-s.net> wrote:
>>> Yup, I'm very aware of the safety implications. Basically this will be
>>> available to people who have access to the code as well, but it makes
>>> this task a bit easier. I'll look up simpler parsing that'll just allow
>>> for looking up properties on a single object or something like that.
>>
>> http://www.liquidmarkup.org
>>
>>
>> ~ j.
>
> Thanks, this looks very interesting!

Played around with it a little bit, and man, this is perfect for what I
needed. Very cool!
This topic is locked and can not be replied to.