On Mar 18, 5:24 pm, fredd <fredrik.marten...@gmail.com> wrote:
> Hi, I am currently developing a small CMS in Rails. I decided recently
> that I need to store both the content and the presentation template in
> the database for flexibility. The system is based heavily on content
> blocks and I need different templates for the same content block in
> different contexts. Does anyone have good advice on how to solve that
> technically? I know how to render an ERB template inline, but how do I
> solve things like protecting some methods on objects like "destroy"
> and so on. I have looked into other template languages that offer some
> degree of protection like Radius and Liquid, but I like the fact that
> ERB is bundled with Ruby and Rails already uses it, why reinvent the
> wheel.

Because ERB is not designed to be safe and Liquid is. You'll have a really hard time preventing people doing bad stuff from ERB. I've never really seen a Rails app use Ruby's safe levels, and at least for C Ruby there's not really a production-ready sandbox that you could use. Why reinvent the wheel trying to make ERB safe when people have already come up with things like Liquid?

Fred

>
> Cheers
> Fredrik
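
The difference discussed in this thread, as an added example that is not part of the original messages: an ERB template stored in the database runs as Ruby and can call `destroy`, while an allow-list renderer only looks up attributes that were explicitly exposed. `ContentBlock` and `SafeRenderer` are hypothetical names constructed here; `SafeRenderer` is a simplified stand-in for the allow-list idea, not Liquid's API.

```ruby
require "erb"

# Constructed stand-in for an ActiveRecord content block (hypothetical class).
class ContentBlock
  attr_reader :title, :body, :destroyed

  def initialize(title, body)
    @title = title
    @body = body
    @destroyed = false
  end

  # Stands in for ActiveRecord's destructive #destroy.
  def destroy
    @destroyed = true
  end
end

# ERB evaluates the stored template as Ruby, so every method reachable
# from the binding is callable by whoever edits the template.
def render_erb(template, block)
  ERB.new(template).result(binding)
end

# Hypothetical allow-list renderer: {{ name.attr }} placeholders are looked
# up, never evaluated. Anything not explicitly exposed renders as empty.
class SafeRenderer
  EXPOSED = { "block" => %w[title body] }.freeze
  TAG = /\{\{\s*(\w+)\.(\w+)\s*\}\}/

  def initialize(objects)
    @objects = objects
  end

  def render(template)
    template.gsub(TAG) do
      name, attr = Regexp.last_match(1), Regexp.last_match(2)
      next "" unless @objects.key?(name) && EXPOSED.fetch(name, []).include?(attr)
      ERB::Util.html_escape(@objects[name].public_send(attr).to_s)
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  record = ContentBlock.new("News", "Body text") # constructed sample data
  render_erb("<%= block.title %><% block.destroy %>", record)
  puts "after ERB render: destroyed=#{record.destroyed}"
end
```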