Embed Size (px)
Citation preview
Liquor, Liquidи другие безопасные языки разметки в
RoR
Тимофей Цветков, EvilMartians
Safe templates
То, что не страшно разрешить
редактировать пользователю
Safe Templates?
Shopify
Safe Templates?
multi site app with custom user design
email templates
Solutions•Radius http://radius.rubyforge.org
•Ruty http://ruty.rubyforge.org
•Laminate http://github.com/scottpersinger/laminate
•cs/Template http://cstemplate.rubyforge.org
Radius
context = Radius::Context.new do |c| c.define_tag 'repeat' do |tag| number = (tag.attr['times'] || '1').to_i result = '' number.times { result << tag.expand } result end end
Ruty
Похож на Liquid
Rutyclass YourClass def foo 42 end def bar 23 end def delete # delete object here, not possible to do from the # template because not safe end def ruty_safe? name return [:foo, :bar].include?(name) endend
Laminate
‘Laminate is a system for executing user-written
templates built using the Lua language’
cs/Template
‘cs/Template is a fast, generic template engine
for Ruby, written in C’
Liquid
Shopify, Mephisto and many others
Liquid<ul id="products"> {% for product in products %} <li> <h2>{{product.title}}</h2> Only {{product.price | format_as_money }} <p>{{product.description | prettyprint | truncate: 200 }}</p> </li> {% endfor %} </ul>
Liquid::Dropclass Post < ActiveRecord::Base
liquid_methods :title, :body end
class Post < ActiveRecord::Basedef to_liquid
PostDrop.new selfend
end
Liquid::Dropclass Liquid::Drop
alias :[], :invoke_dropdef invoke_drop
methods = self.class.public_instance_methods.map{ |m| m.to_s }
if methods.include? method.to_ssend(method.to_sym)
elsebefore_method(method)
endend
def before_method(method)nil
endend
Liquid suxx
Drops suxx
methods? named_scopes? associations?
Liquor
http://github.com/evilmartians/liquor
Liquor
class PostDrop < Liquor::Dropliquor_attributes << :title << :bodyliquor_names_scopes << :recent << :for_tag
belongs_to :bloghas_many :commentshas_one :author
end
Liquor
Filters, content_for and yield tags
Liquor. Expressions
{% assign playlists = site.playlists|by_name:artist.name %}
{% for artist in site.artists.active|scoped_to:genre %}
Liquorclass ActiveRecord::NamedScope
def to_liquorself
endend
But only array and .paginate methods are allowed
Liquor
We use it in production:kasta.rurespectproduction.com (comming soon)
Красный быстрый
96 капель.Горящий куантро и еще кое-что...
Да, мы будем компилировать
ror2ru
Накуси выкуси
Троллинг
