While this is pretty easy with the ERB library and its rendering, it's also
very dangerous. You'll need to build a whitelist of what you'll let them do.

"Hello #{User.delete_all}"

Never let anyone arbitrarily monkey with your code or data.
Instead, make your own parser or look at how some of the CMS tools like
Radiant do things like this.


On Tue, Oct 14, 2008 at 3:46 PM, Christian Johansen <[EMAIL PROTECTED]> wrote:

>
> I want to allow users to create mail templates through an administration
> page. I store the email body as text in the database, and now I want to
> take the string, and treat it like an email template and send as mail.
>
> So for instance, if something like this is in the database:
>
> <code>
> email_templates
> id | text
>  1 | Hello [EMAIL PROTECTED] This is an email
> ...
> </code>
>
> Then I'd like to do this:
>
> <code>
> template = EmailTemplate.find(1)
> user = User.find(1)
> MyMailer.deliver_some_mail(template.text, user)
> </code>
>
> ...and
>
> <code>
> class MyMailer < ActionMailer::Base
>  def some_mail(template, user)
>    subject "..."
>    recipient "[EMAIL PROTECTED]"
>    # ...
>
>    body string_template(template, :user => user)
>  end
> end
> </code>
>
> Is it possible? If so, how?
> --
> Posted via http://www.ruby-forum.com/.
>
> >
>
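
One way to build the whitelist recommended in the reply above, as an added example that is not part of the original thread. The `string_template` name comes from the question; the `{{...}}` placeholder syntax, `ALLOWED_PLACEHOLDERS` and the sample data are assumptions made for illustration.

```ruby
# Added example: whitelist-based template rendering (no eval, no ERB).
# The {{name}} placeholder syntax and every name below are assumptions.

class TemplateError < StandardError; end

# Only these placeholders may appear in a stored template. Each maps to a
# lambda that pulls one plain value out of the context passed by the mailer.
ALLOWED_PLACEHOLDERS = {
  "user.name"  => ->(ctx) { ctx.fetch(:user).name },
  "user.email" => ->(ctx) { ctx.fetch(:user).email },
}.freeze

PLACEHOLDER = /\{\{\s*([a-z_]+(?:\.[a-z_]+)*)\s*\}\}/

# Returns the placeholders in +text+ that are not whitelisted. Call this when
# an administrator saves a template, so bad templates never reach the database.
def unknown_placeholders(text)
  text.scan(PLACEHOLDER).flatten.uniq - ALLOWED_PLACEHOLDERS.keys
end

# Substitutes whitelisted placeholders. The template text is only ever treated
# as data: nothing in it is evaluated, so "<%= ... %>" or "#{...}" stay literal.
def string_template(text, ctx)
  bad = unknown_placeholders(text)
  raise TemplateError, "unknown placeholder(s): #{bad.join(', ')}" unless bad.empty?

  text.gsub(PLACEHOLDER) { ALLOWED_PLACEHOLDERS.fetch(Regexp.last_match(1)).call(ctx).to_s }
end

# Constructed sample data standing in for the User model and a database row.
SampleUser = Struct.new(:name, :email)
SAMPLE_USER = SampleUser.new("Alice", "alice@example.test")
SAMPLE_TEMPLATE = 'Hello {{user.name}}! This is an email. <%= User.delete_all %> #{User.delete_all}'

if __FILE__ == $PROGRAM_NAME
  puts string_template(SAMPLE_TEMPLATE, user: SAMPLE_USER)
  p unknown_placeholders("Hi {{user.password_hash}}")
end
```

Running `unknown_placeholders` at save time as well as at send time rejects a template before it is stored. Substituted values are inserted as plain strings, so HTML mail bodies still need output escaping.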
