Brian Hogan wrote:
> While this is pretty easy with the ERB library and its rendering, it's also
> very dangerous. You'll need to build a whitelist of what you'll let them do.
>
> "Hello #{User.delete_all}"
>
> Never let anyone arbitrarily monkey with your code or data.
> Instead, make your own parser or look at how some of the CMS tools like
> Radiant do things like this.
>
>
> On Tue, Oct 14, 2008 at 3:46 PM, Christian Johansen <
Yup, I'm very aware of the safety implications. Basically this will be
available to people who have access to the code as well, but it makes
this task a bit easier. I'll look up simpler parsing that'll just allow
for looking up properties on a single object or something like that.
Thanks!
--
Posted via http://www.ruby-forum.com/.
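To make the two sides of this thread concrete, here is an added example (not code from either Brian's or Christian's post) that puts the ERB approach next to the whitelisted-property approach Christian says he will look into. The User class, its delete_all method and the {{name}} placeholder syntax are assumptions made for the example; the thread itself shows only the interpolation string.

```ruby
require "erb"

# Constructed stand-in for a Rails model (an assumption for this example; the
# original thread never shows the User class). The class method delete_all
# records that it was called instead of touching a database.
User = Struct.new(:name, :email, :password_digest) do
  def self.delete_all
    @deleted = true
    "ALL ROWS DELETED"
  end

  def self.deleted?
    @deleted == true
  end

  def self.reset!
    @deleted = false
  end
end

# The dangerous approach: ERB compiles the template into Ruby and runs it with
# everything the binding can see, so whoever writes the template gets full
# code execution, including constants such as User.
def render_with_erb(template, user)
  ERB.new(template).result(binding)
end

# The whitelist approach: a tiny placeholder syntax, {{attr}}, that is matched
# with a regexp and never evaluated. Only attribute names listed in +allowed+
# are readable, and only on the single object handed in; anything else in the
# template, ERB tags included, is passed through as inert text.
PLACEHOLDER = /\{\{\s*([A-Za-z_][A-Za-z0-9_]*)\s*\}\}/
ALLOWED_ATTRIBUTES = %w[name email].freeze

class DisallowedAttribute < StandardError; end

def render_whitelisted(template, user, allowed: ALLOWED_ATTRIBUTES)
  template.gsub(PLACEHOLDER) do
    attr = Regexp.last_match(1)
    unless allowed.include?(attr)
      raise DisallowedAttribute, "placeholder {{#{attr}}} is not permitted"
    end
    user.public_send(attr).to_s
  end
end

if __FILE__ == $PROGRAM_NAME
  u = User.new("Ada", "ada@example.org", '$2a$12$...')   # constructed sample data
  puts render_with_erb("Hello <%= user.name %>", u)
  puts render_with_erb("Hello <%= User.delete_all %>", u)  # the destructive call runs
  puts render_whitelisted("Hello {{name}} <{{ email }}>", u)
  puts render_whitelisted("Hello <%= User.delete_all %>", u)  # stays literal text
  begin
    render_whitelisted("{{password_digest}}", u)
  rescue DisallowedAttribute => e
    puts "rejected: #{e.message}"
  end
end
```

The whitelist is the whole point: public_send on its own would still expose every public method of the object, so the allowed list has to be an explicit set of attribute names, not "anything that responds". If the rendered text ends up in HTML, escape the substituted values separately; this example only addresses code execution, not output encoding.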
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en