I frequently use Sinatra for smallish projects. It's pretty good for what I need but I miss the ability to mark strings as HTML safe, and then ERB knowing when to escape or not escape accordingly.
I'd really like it if I could rip out the patches that Rails makes to Erubi (around here) and then apply those patches to Erubi myself so that tilt can just use the monkey-patched Erubi and everyone lives happily ever after. However, after digging around in the source, it's not clear to me how I could actually accomplish that.
I also tried to find some way to get an interface into ActionView like the render method, but I couldn't even find where that was defined.
How can I use ActionView outside of Rails, ideally by using ActionView's monkey-patches to Erubi, or if that won't work, how else can I use ActionView to go from template string to rendered string outside Rails?
Specifically, I'd like to be able to do the following:
def some_wrapper_func(unescaped_html)
  "<div>#{h unescaped_html}</div>".html_safe
end
# test1.erb
hello world <%= "<script>alert('hi');</script>" %> <%= some_wrapper_func("<span>foobar</span>") %>
#=> hello world <script>alert('hi');</script> <div><span>foobar</span></div>
What you need here is ActiveSupport. I'm not sure if it is overkill or not, but you can do this:
#app.rb:
require 'sinatra'
require 'active_support/all'
get '/' do
  erb :index
end
And in a view:
#views/index.erb
Hello, world!
<%= "<script>alert('Hello!')</script>".html_safe %>
Mind that require 'active_support' will load nothing and require 'active_support' will load all modules. You can specify which modules you need as described in Active Support Core Extensions.
If the only goal is to enable auto-escaping, there is no need for ActionView at all. It can be done like this (mind the <%== %> tag):
#app.rb
require 'sinatra'
require 'erubis'
set :erb, :escape_html => true
get '/' do
  erb :index
end
#View
<%= "<script>alert('Hello, and it will not produce alert!')</script>" %>
<%== "<script>alert('Hello and it will!')</script>" %>
We will try to get ActionView up and running with Sinatra (or any Ruby program):
require 'sinatra'
require 'action_view'
get '/' do
  av_render :index
end

def av_render view
  paths = ActionView::PathSet.new(["views"])
  lookup_context = ActionView::LookupContext.new(paths)
  renderer = ActionView::Renderer.new(lookup_context)
  view_context = ActionView::Base.new(renderer)
  renderer.render(view_context, template: view)
end
And in the view we use html_safe:
<%= "<script>alert('Hello, and it will not produce alert!')</script>" %>
<%= "<script>alert('Hello and it will!')</script>".html_safe %>
Wrapper functions also work with this approach. The only problem here is a custom-render method, but it can be avoided.
If you'd like to avoid ActionView entirely and just use Tilt+Erubi, you can actually create for yourself a SafeString class and have Erubi use it for compilation.
Erubi takes some important options, specifically:
- escape: If this is true, then <%= %> will escape by default, otherwise only <%== %> will escape by default
- bufval: Internally, erubi uses what is basically an accumulator to build up your template. This is the value that it will initialize that accumulator to. It is important that it has a <<(str) method to concat new pieces on, and a to_s method to get the return value out.
- escapefunc: The function that Erubi will use for escaping. It's important to override this, because we'll want to escape anything that isn't a SafeString but let SafeStrings pass through unchanged.
So, first let's define this SafeString class:
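# main.rb
require 'tilt'
require 'erubi'

class SafeString
  def initialize(str = '')
    @str = str
  end

  # Append to the buffer. Plain Strings arrive here already passed through SafeString.escape.
  def <<(str)
    if str.is_a? String
      return (@str << str)
    elsif str.is_a? SafeString
      # String#<< needs a String, so unwrap the SafeString first
      @str = @str << str.to_s
      return self
    else
      raise "Can't concat"
    end
  end

  def to_s
    @str
  end

  # Escape everything except values already wrapped in SafeString
  def self.escape(val)
    if val.is_a? SafeString
      return val.to_s
    else
      return Erubi.h(val.to_s)
    end
  end

  module Helpers
    def raw(content)
      SafeString.new(content)
    end
  end
end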
Then, we'll need to include the raw helper we defined and to test it on an ERB file:
include SafeString::Helpers
puts Tilt::ErubiTemplate.new("somefile.erb", bufval: 'SafeString.new', escapefunc: 'SafeString.escape', escape: true).render
# somefile.erb
<%= "<script>alert('Hello, and it will not produce alert!')</script>" %>
<%= raw("<script>alert('Hello and it will!')</script>") %>
And this will give us the output we desire!
# stdout
&lt;script&gt;alert(&#39;Hello, and it will not produce alert!&#39;)&lt;/script&gt;
<script>alert('Hello and it will!')</script>
To improve this, instead of this minimal SafeString class, you could use ActiveSupport::SafeBuffer.
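The same safe-string idea using only the standard library, as an added example that is not part of the original answer: it swaps Erubi for stdlib ERB by overriding `set_eoutvar`, and makes the marker a String subclass so the wrapper function from the question works. `AutoEscapeERB`, `Page`, `SAMPLE` and `render_sample` are names assumed for this example.

```ruby
require 'erb'

# Marker class: content that is already safe to emit as HTML.
class SafeString < String
  # String#to_s on a subclass returns a plain String, which would drop the marker.
  def to_s
    self
  end

  # Escape anything not marked safe; the result is always a SafeString.
  def self.escape(value)
    return value if value.is_a?(SafeString)

    new(ERB::Util.html_escape(value.to_s))
  end
end

# ERB subclass (hypothetical name) whose <%= %> tags go through SafeString.escape.
class AutoEscapeERB < ERB
  def set_eoutvar(compiler, eoutvar = '_erbout')
    super
    compiler.insert_cmd = "#{eoutvar}.<< SafeString.escape"
  end
end

class Page
  def h(value)
    SafeString.escape(value)
  end

  def raw(value)
    SafeString.new(value.to_s)
  end

  # The wrapper from the question: escape the argument, trust only the markup around it.
  def some_wrapper_func(unescaped_html)
    raw("<div>#{h unescaped_html}</div>")
  end

  def render(template)
    AutoEscapeERB.new(template).result(binding)
  end
end

# Constructed template: unmarked string, wrapper output, and a double h() call.
SAMPLE = %q{<%= "<script>alert('hi');</script>" %> <%= some_wrapper_func("<span>foobar</span>") %> <%= h(h("a&b")) %>}

def render_sample
  Page.new.render(SAMPLE)
end

puts render_sample if $PROGRAM_NAME == __FILE__
```

String methods such as `+` or `upcase` return a plain String on Ruby 3, so anything derived from a SafeString is escaped again unless it is re-marked with `raw`.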
Related
I'm using the gem "redcarpet". And I have a markdown file. I want to be able to render it with some ruby variables. Something like this:
# my_file.md
###Something
fdafdsfdsfds
---
<% for n in my_numbers do %>
<%= n %>
<% end %>
What's the proper way to do something like this? How can I pass and render a ruby variable?
You can use the erb library which is included in ruby, but you have to require it:
require 'erb'
require 'redcarpet'
input = File.read "./file.md"
markdown = Redcarpet::Markdown.new(Redcarpet::Render::HTML, autolink: true, tables: true)
output = markdown.render ERB.new(input).result(binding)
File.open("output.html", "w") { |f| f.write output }
You can customize the markdown renderer by referencing the redcarpet readme
As rails 5.1+ switched to erubi I tried to use that in a ruby script:
require 'erubi'
template = Erubi::Engine.new("<%= test %>", escape: true)
However I'm stuck trying to render that template to html.
erubi source code: https://github.com/jeremyevans/erubi
erubi is a fork of erubis, and in erubis the rendering is done via the result method:
require 'erubis'
template = Erubis::Eruby.new("<%= test %>", escape: true)
template.result test: "<br>here" #=> "&lt;br&gt;here"
However there's no result method in erubi.
From the Erubi README (it says “for a file” but it appears to mean “for a template”):
Erubi only has built in support for retrieving the generated source for a file:
require 'erubi'
eval(Erubi::Engine.new(File.read('filename.erb')).src)
So you will need to use one of the eval variants to run from a standalone script.
template = Erubi::Engine.new("7 + 7 = <%= 7 + 7 %>")
puts eval(template.src)
Outputs 7 + 7 = 14.
If you want to be able to use instance variables in your template as you might be used to from Rails, Sinatra etc., you will need to create a context object and use instance_eval:
class Context
  attr_accessor :message
end

template = Erubi::Engine.new("Message is: <%= @message %>")
context = Context.new
context.message = "Hello"
# instance_eval runs the generated source with context as self, so @message resolves
puts context.instance_eval(template.src)
Outputs Message is: Hello.
In rails 5.1 I switched out the Erubis::Eruby.new code to the following:
ActionController::Base.render(inline: "<%= test %>", locals: {test: "<br>here"})
Rails will do the heavy lifting.
I'm working on a Sinatra app and want to write my own form helpers. In my erb file I want to use the rails 2.3 style syntax and pass a block to a form_helper method:
<% form_helper 'action' do |f| %>
<%= f.label 'name' %>
<%= f.field 'name' %>
<%= f.button 'name' %>
<% end %>
Then in my simplified form helper I can create a FormBuilder class and yield the methods to the erb block like so:
module ViewHelpers
  class FormBuilder
    def label(name)
      name
    end

    def field(name)
      name
    end

    def button(name)
      name
    end
  end

  def form_helper(action)
    form = FormBuilder.new
    yield(form)
  end
end
What I don't understand is how to output the surrounding <form></form> tags. Is there a way to append text on only the first and last <%= f.___ %> tags?
Rails has had to use some tricks in order to get block helpers to work as wanted, and they changed moving from Rails 2 to Rails 3 (see the blogposts Simplifying Rails Block Helpers and Block Helpers in Rails 3 for more info).
The form_for helper in Rails 2.3 works by directly writing to the output buffer from the method, using the Rails concat method. In order to do something similar in Sinatra, you’ll need to find a way of writing to the output from your helper in the same way.
Erb works by creating Ruby code that builds up the output in a variable. It also allows you to set the name of this variable, by default it is _erbout (or _buf in Erubis). If you change this to be an instance variable rather than a local variable (i.e. provide a variable name that starts with @) you can access it from helpers. (Rails uses the name @output_buffer).
Sinatra uses Tilt for rendering templates, and Tilt provides an :outvar option for setting the variable name in Erb or Erubis templates.
Here’s an example of how this would work:
# set the name of the output variable
set :erb, :outvar => '@output_buffer'

helpers do
  def form_helper
    # use the new name to write directly to the output buffer
    @output_buffer << "<form>\n"
    # yield to the block (this is a simplified example, you'll want
    # to yield your FormBuilder object here)
    yield
    # after the block has returned, write any closing text
    @output_buffer << "</form>\n"
  end
end
With this (fairly simple) example, an Erb template like this:
<% form_helper do %>
... call other methods here
<% end %>
results in the generated HTML:
<form>
... call other methods here
</form>
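The buffer-writing helper above combined with the FormBuilder from the question, as an added example that is not part of the original answer. It uses stdlib ERB's `eoutvar:` keyword (the setting Tilt's `:outvar` controls for ERB templates) and escapes every value the helper writes, since text pushed straight into the buffer bypasses any template-level escaping. `FormView`, `FORM_TEMPLATE` and `render_form` are names assumed for this example.

```ruby
require 'erb'

# Hypothetical view object standing in for the Sinatra request scope.
class FormView
  # Builder yielded to the template block; every value is HTML-escaped.
  class FormBuilder
    def label(name)
      safe = ERB::Util.html_escape(name)
      %(<label for="#{safe}">#{safe}</label>)
    end

    def field(name)
      %(<input type="text" name="#{ERB::Util.html_escape(name)}">)
    end
  end

  # Writes the surrounding tags directly into the buffer ERB is filling.
  def form_helper(action)
    @output_buffer << %(<form action="#{ERB::Util.html_escape(action)}">\n)
    yield FormBuilder.new
    @output_buffer << "</form>\n"
  end

  # eoutvar makes the compiled template accumulate into @output_buffer.
  def render(template)
    ERB.new(template, eoutvar: '@output_buffer').result(binding)
  end
end

# Constructed template with values that would break out of the markup if unescaped.
FORM_TEMPLATE = <<~'TPL'
  <% form_helper '/save?a=1&b="2"' do |f| %>
  <%= f.label 'na<me' %>
  <%= f.field 'na<me' %>
  <% end %>
TPL

def render_form
  FormView.new.render(FORM_TEMPLATE)
end

puts render_form if $PROGRAM_NAME == __FILE__
```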
What would the erb template look like for a ruby enumerator? The answer will be an erb template.
require "erb"
# build data class
class Foo < Array
  def build
    b = binding
    # create and run templates, filling member data variables
    ERB.new(File.read('test2.erb')).result b
  end
end
# setup template data
bar = Foo.new([1,2,3])
puts bar.build
I would like some way of accessing the 1,2,3 items in the erb template.
Focus on Ruby 1.9.3 compatibility.
Note: the Class is an extension of Array, and I want to access the elements of this array in its erb template.
Ok, it was as simple as reaching into the self reference.
<% self.each{|element| %> <%= element %> <% } %>
I need to render a Sinatra erb template inside a class in my controller. I'm having issues calling this though. I've looked in the Sinatra rdocs and have come up with this:
Sinatra::Templates.erb :template_to_render
When I do this, I get the following error:
undefined method `erb' for Sinatra::Templates:Module
Is there a way to call this from another class?
To imitate the rendering behavior of a Sinatra controller in some other class (not a controller) you can create a module like this:
module ErbRender
  include Sinatra::Templates
  include Sinatra::Helpers
  include Sinatra::ContentFor

  # memoize the application settings, pointing root at the app directory
  def settings
    @settings ||= begin
      settings = Sinatra::Application.settings
      settings.root = "#{ROOT}/app"
      settings
    end
  end

  def template_cache
    @template_cache ||= Tilt::Cache.new
  end
end
Here you may need to tune settings.root
Usage example:
class ArticleIndexingPostBody
  include ErbRender

  def get_body
    erb :'amp/articles/show', layout: :'amp/layout'
  end
end
This will properly render templates with layouts including content_for
Why don't you require 'erb' and afterwards use only erb?
## You'll need to require erb in your app
require 'erb'
get '/' do
  erb :index
end
You could have your class return the template name and render it in the main app.
Of course that's not exactly an answer (I don't have enough rep to add a comment with this account) and you're probably doing just that by now anyway...