An ERB Safemode handler for ActionView

posted: April 22nd, 2008 · by: Sven

in: Programming

Just some quick notes about the safemode library I’ve been working on with the help of Peter Cooper recently. Rather than starting out with a Haml-specific library, Peter suggested turning this into a more widely usable tool and hacked his way to make it eat plain Ruby code as well as ERB.

Since then I’ve cleaned things up a bit and started working on a Rails ActionView ERB handler so one could transparently use this library when rendering ERB templates with ActionView. Yesterday I managed to render a blog index page (which I used as a sample app) through this handler for the first time.

Sending Ruby to the jail: an attempt on a Haml Safemode

posted: February 17th, 2008 · by: Sven

in: Programming

For my initial speculations about the feasibility of a Haml safemode as an alternative for Liquid I got a bold 'No!'.sub(/o/){|c| c * 46} by Ryan Davis. Ouch! Also, Peter Cooper initially commented rather sceptically …

You guys were right that my first thoughts didn’t go far enough with just looking for certain syntax node types. But hey! There’s still hope. :)

In the meantime I’ve implemented an experimental attempt at a safemode plugin for Haml which takes a somewhat different approach and certainly does more to get its job done better.

Sexy Theme Templating with Haml Safemode! Finally ...

posted: February 5th, 2008 · by: Sven

in: Programming

Ok, this is really a looong lasting itch of mine I wanted to scratch ever since I learned Liquid templates for Mephisto.

Liquid still is (as far as I know) the only usable “safe” Ruby templating engine that one could use for themes/templates in an application like Mephisto. In this context “safe” means that you can allow your users to download and install themes from arbitrary sources.

Liquid is safe …

So, with Liquid you can still sleep at night without any worries that some bastard might have included a bit of code into a theme that sends your password files to the Russian mafia, runs rm -rf / or whatever nightmare you like worse.

Liquid does a very solid job here and as such it earns respect. But … let’s face it: Liquid sucks, syntaxwise.

As a Ruby programmer you want a templating system that makes your templates easier to type and more intuitive to grasp than ERB, not worse! Maybe it’s really just me, but for me Liquid fails miserably in this regard.

Haml is sexy …

On the other side of the Ruby template engines universe lives Haml. A templating system that is so awesome that you can’t possibly toy around with it for more than 3 minutes without getting totally addicted to it. But Haml is an evaluating templating system like ERB and as such you can’t use it for themes from arbitrary sources.

So how cool would it be to combine the best of both? Obviously it’d totally rock. It would be as cool as Yahoo sunglasses in 1994 and as sexy as the Audi R8 in 2008 combined.

artweb design
Sven Fuchs
Grünberger Str. 65
10245 Berlin, Germany


http://www.artweb-design.de

Fon +49 (30) 47 98 69 96
Fax +49 (30) 47 98 69 97