Can Rails have views with restricted execution?

Sounds like Liquid templating engine is what you are looking for:

http://home.leetsoft.com/liquid

Sounds like Liquid templating engine is what you are looking for:

http://home.leetsoft.com/liquid

Thanks a lot, Liquid almost cuts it... but not quite. The most
powerful tool in the Liquid set is Liquid Drops.

"Liquid Drops [1]

Drops let you provide the user with custom functionality. They're very
much like a standard Ruby class, but have all un-needed and potentialy
dangerous methods removed. From the user's perspective a drop acts
very much like a Hash, thought methods are accessed with dot-notation
aswell as element selection. A drop method cannot be invoked with
arguments. Drops are called just-in-time thus allowing you to lazily
load objects."

Problem is... I need to invoke them with (core data-types) arguments.

I'll keep looking.

M.

[1] http://home.leetsoft.com/liquid/wiki/HowTo#LiquidDrops

Problem is... I need to invoke them with (core data-types) arguments.

Radiant uses a tag based one called Radius or something? There's also
HAML, but I'm not sure it's "safe" like liquid or radius. Other then
that, you're on your own...

Thanks Rick,

I've looked at Radius[1], and it's much more powerful and suited to my
needs than Liquid. Though to be fair, they have different design
goals, with Liquid apparently more end-user oriented.

The only thing Radius lacks is typed-arguments: all Radius arguments
are Strings.

Havn't looked at HAML yet, though I suspect - as you did - that it
lacks any sort of security layer, being a full-power ERb alternative.

Generally I like Radius as a format a lot, even as something to learn
from and improve on, so thanks for recommending it.

M.

[1] http://radiantcms.org/blog/archives/2006/09/18/how-to-understanding-radius-tags/