You may also want to check out Liquid for a safer way of doing
templates:
http://www.liquidmarkup.org/
Jarin Udom
Robot Mode LLC
On Feb 27, 1:15 pm, Dudebot craign...@gmail.com wrote:
Found it. Use #{}, eval and ''
e.g. foo = '#{ bar }'
then eval( '' + foo + '' ) will interpolate bar
On 27 February 2010 21:15, Dudebot craign...@gmail.com wrote:
Needless to say, this code is *not safe*. A user can run anything in
that eval. In my application, only trusted users have access to
building templates.
I don't think it's needless... I think it's extremely important to
say. For
On Feb 28, 3:04 am, Michael Pavling pavl...@gmail.com wrote:
On 27 February 2010 21:15, Dudebot craign...@gmail.com wrote:
Needless to say, this code is *not safe*. A user can run anything in
that eval. In my application, only trusted users have access to
building templates.
I don't
On 28 February 2010 11:30, Dudebot craign...@gmail.com wrote:
On Feb 28, 3:04 am, Michael Pavling pavl...@gmail.com wrote:
On 27 February 2010 21:15, Dudebot craign...@gmail.com wrote:
Needless to say, this code is *not safe*. A user can run anything in
that eval. In my application, only
On Feb 28, 11:30 am, Dudebot craign...@gmail.com wrote:
On Feb 28, 3:04 am, Michael Pavling pavl...@gmail.com wrote:
On 27 February 2010 21:15, Dudebot craign...@gmail.com wrote:
Needless to say, this code is *not safe*. A user can run anything in
that eval. In my application, only
...
will make a mistake. They probably won't accidentally type %=
ActiveRecord::Base.connection.execute 'drop database ...' % but they
could easily type something which raises an error in some cases (or
all cases) and before you know it you're getting called at 3 in the
morning because
On Sat, 2010-02-27 at 07:43 -0800, Dudebot wrote:
Thanks, Craig--I think my example was too terse. What I'm trying to
do is to pass a block of text to a view which may contain multiple
references to external models, and I'd like to interpolate those
references.
So, for example, if
%= bar.to_s %
On Feb 27, 11:30 am, Dudebot craign...@gmail.com wrote:
OK, here's what I have in app/views/molds/show.html.erb:
trtd%= @mold.body.gsub( \n, br / ) %/td/tr
The controller finds @patient, and @patient.id = 2
If @mold.body = The patients id is %= @patient.id %
Then the view
It still displays the literal and not the interpolation :(
On Feb 27, 10:41 am, AGoofin amor...@gmail.com wrote:
%= bar.to_s %
On Feb 27, 11:30 am, Dudebot craign...@gmail.com wrote:
OK, here's what I have in app/views/molds/show.html.erb:
trtd%= @mold.body.gsub( \n, br / ) %/td/tr
On 27 February 2010 16:30, Dudebot craign...@gmail.com wrote:
OK, here's what I have in app/views/molds/show.html.erb:
trtd%= @mold.body.gsub( \n, br / ) %/td/tr
The controller finds @patient, and @patient.id = 2
If @mold.body = The patients id is %= @patient.id %
Then the view displays
Thanks, Colin! I'd like to give the user the flexibility to make a
template that interpolates objects within it. Sort of like a mail
merge. The templates are stored as text entries in a database. The
idea is, say you have something like this as a text entry in the
database
Dear Mr. %=
On Sat, 2010-02-27 at 10:12 -0800, Dudebot wrote:
Thanks, Colin! I'd like to give the user the flexibility to make a
template that interpolates objects within it. Sort of like a mail
merge. The templates are stored as text entries in a database. The
idea is, say you have something like
I'm no expert at Rails, Craig, but I've been writing working Rails
code for about 8 months now on more than a few projects. I've read
Agile Development more than once, and have over the course of time
watched scores of Rails webcasts.
If you have a solution to my question, I'd appreciate it. I
13 matches
Mail list logo
