Just read through that pdf. I'm mainly in agreement with his commentary of the current field of template engines - though he does lose me a bit on his 'StringTemplate is totally the best thing ever' conclusions (his alternating table row colours example (9.2) especially looks like a horribly stupid result to me). For the most part, his style is actually quite similar to my own style when using freemarker, but I err on the side of discipline rather than constraint (which is also why I've chosen ruby over java for every piece of code that I could in the last few years).

The main reason I want to look at this is to try and make sure that if we do want to take radius out of the equation, that our code isn't tied in so tightly that you can't switch out the template renderer. The only way to make sure that we're not doing that is to try replacing the template renderer and seeing how much things break.

My plan for safe-level erb isn't to expose the page model directly to the template (the fact is that ActiveRecord classes are unusable at $SAFE=4), but to have a mechanism for declaring which attributes and collections of a Page to be exposed to the template. ERB is just my first choice as it takes away the need to write my own template parser.

I think the current situation where you can't iterate over a collection or perform a simple conditional check without adding new tags is pretty poor and the main reason why things like Backdoor exist.

> there for. Create a new Page type, define a tag (and remember to
> escape HTML) -- it's that easy. If a developer knows how to write a

That 'remember to escape HTML' is one of my issues with radius - escaping should be the default, not vice-versa, but the way that radius builds strings would make that virtually impossible (doing it in ERB isn't much easier, but possible).

...speaking of which I just realised where an XSS vulnerability is.

> Among the two most important features of a Rails based CMS (as
> opposed to a regular Rails application) are the promise to your less
> technically inclined users that nothing they will do will impact the
> overall system and caching.

Exposing limited objects in a safe ruby environment shouldn't harm that goal. I definitely don't want a world where response header changes and page updates are happening within the template content.

Dan.
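
The declared-exposure mechanism and escape-by-default behaviour discussed in this message, as an added example that is not part of the original post and is not Radiant code. `Exposable`, `TemplateContext` and the sample `Page` are hypothetical names; it uses plain ERB rather than `$SAFE` (removed in Ruby 3.0), so it limits which data reaches the template but does not sandbox template code.

```ruby
require "erb"

# Hypothetical DSL (not Radiant's API): a model declares what templates may see.
module Exposable
  # expose :title escapes the value; expose :body, raw: true opts out for trusted markup.
  def expose(*names, raw: false)
    names.each { |n| exposures[n.to_sym] = raw }
  end
  def exposures
    @exposures ||= {}
  end
end

# The template is evaluated against this object, which carries frozen copies
# of the declared values only; undeclared attributes get no accessor.
class TemplateContext
  def initialize(model)
    model.class.exposures.each do |name, raw|
      value = export(model.public_send(name), raw)
      define_singleton_method(name) { value }
    end
  end
  def render(source)
    ERB.new(source).result(binding)
  end

  private def export(value, raw)
    case value
    when String then (raw ? value : ERB::Util.html_escape(value)).dup.freeze
    when Array then value.map { |v| export(v, raw) }.freeze
    when Numeric, true, false, nil then value
    when ->(v) { v.class.respond_to?(:exposures) } then TemplateContext.new(value)
    else export(value.to_s, raw)
    end
  end
end

# Constructed sample model standing in for a Page; :secret is never declared.
Page = Struct.new(:title, :body, :children, :secret) do
  extend Exposable
  expose :title, :children
  expose :body, raw: true
end

# Constructed input: hostile title, trusted body markup, one child page.
def demo
  child = Page.new("A & B", "", [], "k")
  page = Page.new("<script>alert(1)</script>", "<p>hi</p>", [child], "s3cret")
  TemplateContext.new(page).render(
    "<h1><%= title %></h1><%= body %><% children.each do |c| %><li><%= c.title %></li><% end %>")
end
```

The template can iterate over `children` and read `title` without any custom tag, and escaping happens at the exposure boundary, so a forgotten escape in the template cannot reintroduce unescaped model data.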
