Parsing Ruby code from database possible?

Howdy Bob -

Security concerns aside, if I want to let the user write Rails code to
my MySql database (e.g. <%= "Hello world %>, and the application would
then parse the code, would that be possible?

(warning "not what you asked, but imo a better solution to user generated content)

I have implemented such a feature for email templates using the liquid templating engine.

You can benefit from flow control, operators and sandboxing.

Good resources are: (look at the mephisto source for implementation)

providing a context to liquid is the toughest part; not so tough - just need to explicitly tell liquid what objects, attributes associations are avail.

Let me know if a bit of code can help you move forward.


Bob -

Hi Jody!

That was what I thought might work too :slight_smile: Thanks for the great advice. I
actually just installed the liquid plugin before I saw your post, and
I'll look into Mephisto.

After writing I realized that depending on your needs there might be another option - I'm looking at this option right now.

If you're not doing templating, FFSB[1] (_why's FreakyFreaky Sandbox) might be an option.

Fully ruby sandboxed syntax - not geared to templates though. The syntax is much sweeter though - the ruby we love - I've found liquid syntax to be a bit paintful but certainly a good solution for end user templating.

Unfortunately there hasn't been a commit to FFSB since late 2006. I've presently asked _why the status - no response yet.

(and np on the spelling. common mistake. Mom was a hippy who loved boys with girls names err spellings)