erb question

I currently have a page controller that gets HTML content from the DB and then renders it. Is there a way to use ERB to preprocess the HTML and make it rhtml? Allowing me to post more dynamic content..

spokra wrote:

I currently have a page controller that gets HTML content from the DB and then renders it. Is there a way to use ERB to preprocess the HTML and make it rhtml?

I suppose so, but this is a bad idea from a security point of view. It's too easy for someone to put into the DB a malicious piece of ERb code, say, something like

<h1>This is a malicious page!</h1> <% User.delete_all %>

allowing me to post more dynamic content..

There are better ways to do this. Can you explain more about your application?

Best,

The page controller is only accessible to admins, for one..

I'd like to be able to create pages on the fly that include blog posting, news events, top stories. And I don't want to be changing the view files all the time. I guess I could make one page for each page type, like the home page, that includes what I want..

I guess the quick way to explain what I'm trying to do is make a CMS that is ERB-aware
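
One way to get the dynamic pages described in this thread without evaluating database content as ERB, shown as an added example that is not from any poster: stored pages carry `{{widget}}` placeholders that are expanded from a fixed allowlist. The placeholder syntax, widget names and sample data are assumptions made for the illustration.

```ruby
require "erb" # used only for ERB::Util.html_escape; no template is ever evaluated

# Constructed sample data standing in for database records.
STORIES = ["Budget passes", "Rain <expected>", "Local team wins"].freeze
POSTS   = ["Hello world", "Second post"].freeze

# Builds an HTML list from record titles, escaping each title.
def list_html(items, limit)
  lis = items.first(limit).map { |t| "<li>#{ERB::Util.html_escape(t)}</li>" }
  "<ul>#{lis.join}</ul>"
end

# Allowlist of widgets a stored page may reference (hypothetical names).
WIDGETS = {
  "top_stories" => ->(limit) { list_html(STORIES, limit) },
  "blog_posts"  => ->(limit) { list_html(POSTS, limit) }
}.freeze

# Matches {{name}} or {{name limit=N}} (hypothetical placeholder syntax).
PLACEHOLDER = /\{\{\s*([a-z_]+)(?:\s+limit=(\d{1,2}))?\s*\}\}/

# Expands placeholders in a stored page. The stored text is treated as data
# and is never passed to ERB.new(...).result, eval or send.
def render_stored_page(stored_html, widgets = WIDGETS)
  inert = stored_html.gsub("<%", "&lt;%") # ERB tags become visible text
  inert.gsub(PLACEHOLDER) do
    name   = Regexp.last_match(1)
    limit  = (Regexp.last_match(2) || 5).to_i
    widget = widgets[name]
    widget ? widget.call(limit) : "" # unknown names expand to nothing
  end
end

# Constructed page body, including the ERB payload quoted in the thread.
SAMPLE = "<h1>Home</h1> <% User.delete_all %> {{top_stories limit=2}} {{drop_tables}}"

puts render_stored_page(SAMPLE) if __FILE__ == $PROGRAM_NAME
```

The stored HTML itself is still emitted as written, so this limits what a page author can execute on the server but does not sanitize the markup they supply.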