spokra wrote: > I currently have a page controller that gets html content from the DB > and then renders it. is there a way to use ERB to pre process the > html and make it rhtml?
I suppose so, but this is a bad idea from a security point of view. It's too easy for someone to put into the DB a malicious piece of ERb code, say, something like <h1>This is a malicious page!</h1> <% User.delete_all %> > allowing me to post more dynamic content.. There are better ways to do this. Can you explain more about your application? Best, -- Marnen Laibow-Koser http://www.marnen.org [email protected] -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
