spokra wrote:
> I  currently have a page controller that gets html content from the DB
> and then renders it.  is there a way to use ERB to pre process the
> html and make it rhtml?  

I suppose so, but this is a bad idea from a security point of view. 
It's too easy for someone to put into the DB a malicious piece of ERb 
code, say, something like

<h1>This is a malicious page!</h1>
<% User.delete_all %>

>  allowing me to post more dynamic content..

There are better ways to do this.  Can you explain more about your 
application?

Best,
--
Marnen Laibow-Koser
http://www.marnen.org
[email protected]
-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby 
on Rails: Talk" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to 
[email protected]
For more options, visit this group at 
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to