Use a string as template for mail body

I want to allow users to create mail templates through an administration
page. I store the email body as text in the database, and now I want to
take the string, and treat it like an email template and send as mail.

So for instance, if something like this is in the database:

<code>
email_templates
id | text
1 | Hello #{@user.name}! This is an email
...
</code>

Then I'd like to do this:

<code>
template = EmailTemplate.find(1)
user = User.find(1)
MyMailer.deliver_some_mail(template.text, user)
</code>

...and

<code>
class MyMailer < ActionMailer::Base
  def some_mail(template, user)
    subject "..."
    recipient "me@myself.com"
    # ...

    body string_template(template, :user => user)
  end
end
</code>

Is it possible? If so, how?

While this is pretty easy with the ERB library and its rendering, it’s also very dangerous. You’ll need to build a whitelist of what you’ll let them do.

“Hello #{User.delete_all}”

Never let anyone arbitrarily monkey with your code or data.
Instead, make your own parser or look at how some of the CMS tools like Radiant do things like this.

Brian Hogan wrote:

While this is pretty easy with the ERB library and its rendering, it's
also
very dangerous. You'll need to build a whitelist of what you'll let them
do.

"Hello #{User.delete_all}"

Never let anyone arbitrarily monkey with your code or data.
Instead, make your own parser or look at how some of the CMS tools like
Radiant do things like this.

On Tue, Oct 14, 2008 at 3:46 PM, Christian Johansen <

Yup, I'm very aware of the safety implications. Basically this will be
available to people who have access to the code as well, but it makes
this task a bit easier. I'll look up simpler parsing that'll just allow
for looking up properties on a single object or something like that.
Thanks!

http://www.liquidmarkup.org

~ j.

For what it's worth, something like

@body = render :inline => some_string, :body => {}

would do it.

Fred

John Barnette wrote:

Christian Johansen wrote:

John Barnette wrote:

Yup, I'm very aware of the safety implications. Basically this will be
available to people who have access to the code as well, but it makes
this task a bit easier. I'll look up simpler parsing that'll just allow
for looking up properties on a single object or something like that.

http://www.liquidmarkup.org

~ j.

Thanks, this looks very interesting!

Played around with it a little bit, and man, this is perfect for what I
needed. Very cool!