Liquor, Liquid and other safe markup languages in RoR

Post on 15-Apr-2017


Liquor, Liquid and other safe markup languages in RoR

Timofey Tsvetkov, EvilMartians

Safe templates

Something you are not afraid to let a user edit

Safe Templates?

Shopify

Safe Templates?

multi site app with custom user design

email templates

Solutions

• Radius http://radius.rubyforge.org

• Ruty http://ruty.rubyforge.org

• Laminate http://github.com/scottpersinger/laminate

• cs/Template http://cstemplate.rubyforge.org

Radius

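require 'radius'

# Define a custom <repeat times="N"> tag; templates can use only the tags defined here.
context = Radius::Context.new do |c|
  c.define_tag 'repeat' do |tag|
    number = (tag.attr['times'] || '1').to_i
    result = ''
    number.times { result << tag.expand }
    result
  end
end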

Ruty

Similar to Liquid

Ruty

class YourClass
  def foo
    42
  end

  def bar
    23
  end

  def delete
    # delete object here, not possible to do from the
    # template because not safe
  end

  # Allowlist of method names a template is allowed to call.
  def ruty_safe? name
    return [:foo, :bar].include?(name)
  end
end

Laminate

‘Laminate is a system for executing user-written

templates built using the Lua language’

cs/Template

‘cs/Template is a fast, generic template engine

for Ruby, written in C’

Liquid

Shopify, Mephisto and many others

Liquid

<ul id="products">
  {% for product in products %}
    <li>
      <h2>{{product.title}}</h2>
      Only {{product.price | format_as_money }}
      <p>{{product.description | prettyprint | truncate: 200 }}</p>
    </li>
  {% endfor %}
</ul>

Liquid::Drop

class Post < ActiveRecord::Base
  liquid_methods :title, :body
end

class Post < ActiveRecord::Base
  def to_liquid
    PostDrop.new self
  end
end

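Liquid::Drop

class Liquid::Drop
  # Called for a template lookup: dispatch only to public methods.
  def invoke_drop(method)
    methods = self.class.public_instance_methods.map { |m| m.to_s }
    if methods.include?(method.to_s)
      send(method.to_sym)
    else
      before_method(method)
    end
  end

  # Fallback for names that are not public methods.
  def before_method(method)
    nil
  end

  alias :[] :invoke_drop
end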
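
The allowlist idea behind Ruty's ruty_safe? and Liquid's liquid_methods and drops, as an added example in plain Ruby that is not code from the slides or from Liquid, Liquor or Ruty. SafeDrop, expose, to_drop, wrap and resolve are hypothetical names, and Post is a constructed stand-in for a model:

```ruby
# Added example; SafeDrop, expose, wrap, to_drop and resolve are hypothetical names.
class SafeDrop
  def self.exposed; @exposed ||= []; end

  # Explicit allowlist: nothing is reachable from a template by default.
  def self.expose(*names)
    exposed.concat(names.map(&:to_s))
  end

  def initialize(source); @source = source; end

  # Template lookup entry point: only allowlisted names reach the object.
  def [](name)
    return nil unless self.class.exposed.include?(name.to_s)
    SafeDrop.wrap(@source.public_send(name))
  end

  # Model objects are wrapped in their drop before a template can see them.
  def self.wrap(value)
    value.respond_to?(:to_drop) ? value.to_drop : value
  end
end

# Constructed sample model standing in for an ActiveRecord class.
Post = Struct.new(:title, :body, :deleted) do
  def delete
    self.deleted = true
  end

  def to_drop
    PostDrop.new(self)
  end
end

class PostDrop < SafeDrop
  expose :title, :body
end

# Resolve a dotted template path such as "post.title" against a context hash.
def resolve(path, context)
  path.split('.').reduce(context) do |obj, key|
    case obj
    when Hash     then SafeDrop.wrap(obj[key])
    when SafeDrop then obj[key]
    else return nil # plain values (String, nil, ...) expose nothing further
    end
  end
end
```

Because the lookup consults only the names passed to expose, inherited methods such as class and model methods such as delete resolve to nil instead of being called.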

Liquid suxx

Drops suxx

methods? named_scopes? associations?

Liquor

http://github.com/evilmartians/liquor

Liquor

class PostDrop < Liquor::Drop
  liquor_attributes << :title << :body
  liquor_names_scopes << :recent << :for_tag

  belongs_to :blog
  has_many :comments
  has_one :author
end

Liquor

Filters, content_for and yield tags

Liquor. Expressions

{% assign playlists = site.playlists|by_name:artist.name %}

{% for artist in site.artists.active|scoped_to:genre %}

Liquor

class ActiveRecord::NamedScope
  def to_liquor
    self
  end
end

But only array and .paginate methods are allowed

Liquor

We use it in production:

kasta.ru

respectproduction.com (coming soon)

Red is fast

96 drops. Flaming Cointreau and a few other things...

Yes, we are going to compile

ror2ru

Take that!

Trolling
