Hi all. greetings.. I have came across a situation where I let CMS user/admin on my site to create a page with the HTML editor(tiny_mce)and he wants me to run some ruby code to generate the dynamic content through that.. The data (HTML) is getting saved in the database and while showing it on page I am fetching and decoding it with HTML entities(gem). Now the problem is the ruby tags are not working on it.. If you have any Ideas, any experience to call the ruby tags on page pls reply .
I think it would be a massive security hole - what if the ruby code was something like User.destroy_all ?
I presume this is a rails application. Maybe you could add a helper method to retrieve the data he's trying to display, and let him call the helper from his code using a tag format that you implement yourself?
page_text = Page.find(params[:id]).text if page_text =~ /###dynamic_content_here###/
dynamic_content = get_dynamic_content() page_text.gsub(/###dynamic_content_here###/, dynamic_content)
end render :partial=>'whatever', :page_text=>page_text
Thanks for the help!! I would like to implement by this method also. I have solved this problem in a way, my CMS user will create a HTML, I asked him to put a ruby tag in it to generate dynamic content and then saved the file as _some_name.rhtml and then I rendered that file. So the HTML will run as it is and also the ruby tags works well. Thanks again!!