Safe ERB language?

I wonder if there is a secure template language that compiles to ERB. ERB is very easy to use, but the deadly part when used in a CMS is its powerful access (you can just write some really unpleasant things with it in seconds...). So I wonder if there is a chance such a language exists.

Please, I do not want Radius / Liquid... the extension for writing was too large, and the template syntax itself is simply not my cup of tea... I would like to avoid this if possible.

Update: this is not perfect (as it's not ERB), but it seems much better than Liquid: http://github.com/scottpersinger/laminate

You have to use Lua for your templates, but Lua is already much better than trying to use Liquid (which denies you the simple assignment syntax...).

+3
3 answers
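As an added example (not code from the question or any of the answers), the following pure-Ruby script makes the security point concrete: ERB's `<%= %>` tags evaluate arbitrary Ruby in the rendering process and do not escape output, whereas a logic-less renderer in the spirit of Mustache/Liquid only substitutes allowlisted placeholders and treats everything else, ERB tags included, as literal text. The `render_erb`/`render_safe` functions, the `{{name}}` placeholder syntax and the allowlist are assumptions of this example, not an API of any of the gems discussed.

```ruby
require 'erb'
require 'cgi'

# ERB: the template is compiled to Ruby and run with the caller's privileges.
# Whatever a template author writes inside <%= %> is executed, and the
# result is inserted verbatim (no HTML escaping).
def render_erb(template, vars)
  ERB.new(template).result_with_hash(vars)
end

# Only {{identifier}} placeholders are recognised by the safe renderer.
PLACEHOLDER = /\{\{\s*([A-Za-z_][A-Za-z0-9_]*)\s*\}\}/

# Logic-less renderer (assumed design, modelled on Mustache/Liquid):
#  - a placeholder is replaced only if its name is in `allowed` and present in `vars`
#  - every substituted value is HTML-escaped
#  - anything else, including ERB-style <% %> tags, is copied through as text
#    and never evaluated
def render_safe(template, vars, allowed)
  template.gsub(PLACEHOLDER) do
    key = Regexp.last_match(1)
    if allowed.include?(key) && vars.key?(key)
      CGI.escapeHTML(vars[key].to_s)
    else
      '' # unknown or unlisted placeholders render empty instead of raising
    end
  end
end

if __FILE__ == $0
  # Constructed sample templates and data.
  erb_tpl  = 'Hello <%= name %>, 6*7 = <%= 6 * 7 %>'
  safe_tpl = 'Hello {{name}}, 6*7 = <%= 6 * 7 %> {{secret}}'
  data     = { 'name' => '<b>World</b>', 'secret' => 'hunter2' }

  puts render_erb(erb_tpl, name: data['name'])      # code ran, markup not escaped
  puts render_safe(safe_tpl, data, ['name'])         # ERB tag left as text, value escaped
end
```

The contrast is the whole argument of the question: with ERB the template language is the programming language, so a CMS that lets untrusted users edit templates is handing them code execution; a logic-less renderer bounds what a template can express, and escaping by default also closes the stored-XSS gap that ERB leaves open.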

You should consider Handlebars.rb. It "uses therubyracer to bind to the actual JavaScript implementation of Handlebars.js so you can use it from ruby."

Here is a sample code:

require 'handlebars'
handlebars = Handlebars::Context.new
template = handlebars.compile("{{say}}{{what}}")
template.call(:say => "Hey", :what => "Yuh!") #=> "Hey Yuh!"
+3

Although you wrote "Please, I do not want Radius / Liquid", I do not understand your reluctance. Just go to the Liquid page and see how simple it is:

gem install liquid

Here is an example snippet:

<ul id="products">
  {% for product in products %}
    <li>
      <h2>{{ product.title }}</h2>
      Only {{ product.price | format_as_money }}

      <p>{{ product.description | prettyprint | truncate: 200  }}</p>
    </li>
  {% endfor %}
</ul>

And to use it:

Liquid::Template.parse(template).render 'products' => Product.find(:all)
+2

Mustache:

Mustache.render("Hello {{planet}}", :planet => "World!")
=> "Hello World!"
+2

Source: https://habr.com/ru/post/1722599/