The page controller is only accessible to admins, for one. I'd like to be able to create pages on the fly that include blog posting, news events, top stories. And I don't want to be changing the view files all the time. I guess I could make one page for each page type, like the home page, that includes what I want.
I guess the quick way to explain what I'm trying to do is make a cms that is erb aware.

On Oct 1, 1:45 pm, Marnen Laibow-Koser <rails-mailing-l...@andreas-s.net> wrote:
> spokra wrote:
> > I currently have a page controller that gets html content from the DB
> > and then renders it. is there a way to use ERB to pre process the
> > html and make it rhtml?
>
> I suppose so, but this is a bad idea from a security point of view.
> It's too easy for someone to put into the DB a malicious piece of ERb
> code, say, something like
>
> <h1>This is a malicious page!</h1>
> <% User.delete_all %>
>
> > allowing me to post more dynamic content..
>
> There are better ways to do this. Can you explain more about your
> application?
>
> Best,
> --
> Marnen Laibow-Koser
> http://www.marnen.org
> [email protected]
> --
> Posted via http://www.ruby-forum.com/.
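The risk raised in the quoted reply, next to one safer pattern, as an added example that is not code from either poster. `FakeUser`, the `{{name}}` token syntax, the `WIDGETS` allowlist and both render helpers are assumptions made for illustration; the stored page body is constructed.

```ruby
require "erb"

# Constructed stand-in for an ActiveRecord model so the effect is visible offline.
class FakeUser
  @rows = %w[alice bob]
  class << self
    attr_reader :rows
    def delete_all; @rows = []; end
    def reset!; @rows = %w[alice bob]; end
  end
end

# Constructed page body as it might sit in the pages table
# (the thread's example, pointed at FakeUser instead of User).
STORED_PAGE = "<h1>News</h1>\n<% FakeUser.delete_all %>\n{{top_stories}}\n{{no_such_widget}}\n"

# Risky: evaluating stored content as ERB runs whatever Ruby it contains,
# with the full privileges of the application process.
def render_as_erb(content)
  ERB.new(content).result(binding)
end

# Hypothetical allowlist: the only dynamic pieces a page author may request.
WIDGETS = {
  "top_stories" => -> { "<ul><li>Story one</li></ul>" },
  "blog_posts"  => -> { "<ul><li>Post one</li></ul>" }
}.freeze

# Safer: stored content stays data and is never evaluated. ERB tags are
# escaped so they appear as text, {{name}} tokens found in WIDGETS are
# expanded, and unknown tokens are dropped.
def render_with_widgets(content)
  inert = content.gsub("<%", "&lt;%").gsub("%>", "%&gt;")
  inert.gsub(/\{\{\s*(\w+)\s*\}\}/) do
    widget = WIDGETS[Regexp.last_match(1)]
    widget ? widget.call : ""
  end
end
```

With this split, page authors choose where dynamic blocks go, while the code behind each block lives in the application and goes through normal review.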

