erb question

I currently have a page controller that gets html content from the DB
and then renders it. is there a way to use ERB to pre process the
html and make it rhtml? allowing me to post more dynamic content..

spokra wrote:

I currently have a page controller that gets html content from the DB
and then renders it. is there a way to use ERB to pre process the
html and make it rhtml?

I suppose so, but this is a bad idea from a security point of view.
It's too easy for someone to put into the DB a malicious piece of ERb
code, say, something like

<h1>This is a malicious page!</h1>
<% User.delete_all %>

allowing me to post more dynamic content..

There are better ways to do this. Can you explain more about your
application?

Best,

the page controller is only accessible to admins for one..

I'd like to be able to create pages on the fly that include blog
posting, news events top stories. and I don;t want to be changing the
view files all the time. I guess I could make one page for each page
type like the home page that include what i want..

I guess the quick way to explain what i'm trying to do is make a cms
that is erb aware