安全的 ERB 语言? [英] Safe ERB Language?

问题描述

我想知道是否有一个安全的模板可以重新组装ERB.ERB 非常易于使用，但是在 CMS 中使用它的致命部分是过于强大的访问(您可以在几秒钟内用它写一些非常讨厌的东西......)所以我想知道是否有任何机会存在这样的语言.

I wonder if there is a safe template that reassemble ERB. ERB is very easy to use, but the deadly part to use that in a CMS is the over powerful access (you can just write some really nasty stuff with that in a matter of seconds...) So I wonder if there is any chance such language exist.

请我不想要半径/液体..... 写扩展太麻烦，模板语法本身不是我的一杯茶...如果可能的话，我想避免它.

Please I don't want radius/liquid..... writing extension for that is too much trouble and the template syntax itself is just not my cup of tea... I would want to avoid it if ever possible.

更新:这并不完美(因为它不是 erb)但似乎比 Liquid 好得多:http://github.com/scottpersinger/laminate

Update: This is not perfect (as its not erb) but seems way much better than Liquid: http://github.com/scottpersinger/laminate

你必须在你的模板中使用 Lua，但 Lua 已经比尝试使用 Liquid 好很多(它使你无法执行简单的赋值语法......)

You have to use Lua for your template, but Lua is already a lot better than trying to use liquid (which disable you from doing a simple assignment syntax...)

推荐答案

你应该考虑 Handlebars.rb.它使用 therubyracer 绑定到 Handlebars.js 的实际 JavaScript 实现，以便您可以从 ruby​​ 中使用它."

You should consider Handlebars.rb. It "uses therubyracer to bind to the actual JavaScript implementation of Handlebars.js so that you can use it from ruby."

这是他们的示例代码:

require 'handlebars'
handlebars = Handlebars::Context.new
template = handlebars.compile("{{say}}{{what}}")
template.call(:say => "Hey", :what => "Yuh!") #=> "Hey Yuh!"

这篇关于安全的 ERB 语言?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！