Safe ERB Language?
Question
I wonder if there is a safe template that resembles ERB. ERB is very easy to use, but the deadly part of using that in a CMS is the over powerful access (you can just write some really nasty stuff with that in a matter of seconds...). So I wonder if there is any chance such a language exists.
Please, I don't want radius/liquid... writing extensions for that is too much trouble and the template syntax itself is just not my cup of tea... I would want to avoid it if ever possible.
Update: This is not perfect (as it's not erb) but seems way much better than Liquid: http://github.com/scottpersinger/laminate
You have to use Lua for your template, but Lua is already a lot better than trying to use liquid (which disables you from doing a simple assignment syntax...)
Recommended answer
You should consider Handlebars.rb. It "uses therubyracer to bind to the actual JavaScript implementation of Handlebars.js so that you can use it from ruby."
Here is their sample code:
require 'handlebars'
handlebars = Handlebars::Context.new
template = handlebars.compile("{{say}} {{what}}")
template.call(:say => "Hey", :what => "Yuh!") #=> "Hey Yuh!"
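The contrast the question is about, as an added example that is not part of the original post or of Handlebars.rb: ERB evaluates whatever Ruby a template author writes, while a logic-less renderer only substitutes values the application chose to expose. The names `API_KEY`, `render_erb` and `render_safe` are hypothetical, and the secret is a constructed value.

```ruby
require 'erb'

# Hypothetical server-side secret (constructed value) that a CMS template
# author should never be able to reach.
API_KEY = 'constructed-secret-value'

# ERB runs the template as Ruby inside the host process, so author-supplied
# markup can read constants, call methods or touch the filesystem.
def render_erb(source, vars)
  ERB.new(source).result_with_hash(vars)
end

# Logic-less alternative: only {{name}} placeholders are recognised, and they
# are looked up in the hash the application passed in. Nothing is evaluated.
PLACEHOLDER = /\{\{\s*([A-Za-z_][A-Za-z0-9_]*)\s*\}\}/

def render_safe(source, vars)
  exposed = vars.transform_keys(&:to_s)
  source.gsub(PLACEHOLDER) do
    key = Regexp.last_match(1)
    # Unknown names render as empty text; values are HTML-escaped on output.
    ERB::Util.html_escape(exposed.fetch(key, '').to_s)
  end
end

if __FILE__ == $PROGRAM_NAME
  untrusted = 'Key: <%= API_KEY %> {{API_KEY}}'
  puts render_erb(untrusted, {})   # the constant leaks into the page
  puts render_safe(untrusted, {})  # ERB tag stays inert text, placeholder is empty
  puts render_safe('Hello {{ name }}!', name: '<b>Ann</b>')
end
```
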