Security concerns aside, if I want to let the user write Rails code to
my MySQL database (e.g. <%= "Hello world" %>), and the application would
then parse the code, would that be possible?
(Warning: not what you asked, but imo a better solution to user generated content.)
I have implemented such a feature for email templates using the liquid templating engine.
You can benefit from flow control, operators and sandboxing.
Providing a context to liquid is the toughest part; not so tough - just need to explicitly tell liquid what objects, attributes and associations are available.
Let me know if a bit of code can help you move forward.
That was what I thought might work too. Thanks for the great advice. I
actually just installed the liquid plugin before I saw your post, and
I'll look into Mephisto.
After writing I realized that depending on your needs there might be another option - I'm looking at this option right now.
If you're not doing templating, FFSB[1] (_why's FreakyFreaky Sandbox) might be an option.
Fully ruby sandboxed syntax - not geared to templates though. The syntax is much sweeter though - the ruby we love - I've found liquid syntax to be a bit painful but certainly a good solution for end user templating.
Unfortunately there hasn't been a commit to FFSB since late 2006. I've presently asked _why the status - no response yet.
(and np on the spelling. common mistake. Mom was a hippy who loved boys with girls' names err spellings)
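An added example, not code from any poster in this thread: it contrasts evaluating a stored template as ERB (what the question proposes) with the explicit-context idea from the Liquid reply, where only named objects and attributes can be rendered. The renderer is a stdlib-only stand-in written for illustration, not Liquid's API; `User`, `ALLOWED`, `render_allowlisted` and `render_erb` are hypothetical names and the record is constructed sample data.

```ruby
require 'erb'

# Constructed sample record; every name in this example is hypothetical.
User = Struct.new(:name, :email, :password_digest)

# The explicit context: only these attributes may appear in a stored template.
ALLOWED = { 'user' => %w[name email] }.freeze

PLACEHOLDER = /\{\{\s*(\w+)\.(\w+)\s*\}\}/

# Substitute {{ object.attribute }} placeholders from the allow-list.
# Nothing is evaluated: unknown objects or attributes render as empty text,
# and anything else in the template (ERB tags included) stays inert text.
def render_allowlisted(template, objects)
  template.gsub(PLACEHOLDER) do
    obj = Regexp.last_match(1)
    attr = Regexp.last_match(2)
    next '' unless ALLOWED.fetch(obj, []).include?(attr) && objects.key?(obj)

    # Escape the value so stored data cannot inject markup into the output.
    ERB::Util.html_escape(objects[obj].public_send(attr))
  end
end

# What the question proposes: evaluating a stored template as ERB.
# The template author gets full Ruby with the application's privileges,
# so every attribute (and every method) of the bound objects is reachable.
def render_erb(template, user)
  ERB.new(template).result(binding)
end

user = User.new('Ada <admin>', 'ada@example.test', 'constructed-digest')

stored = 'Hi {{ user.name }}, digest: {{ user.password_digest }}'
puts render_allowlisted(stored, 'user' => user)          # digest is not rendered
puts render_allowlisted('<%= 1 + 1 %>', 'user' => user)  # ERB tag stays literal
puts render_erb('Hi <%= user.password_digest %>', user)  # digest is exposed
```
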