
I'm developing a simple app that teaches people English. The app is based on 5 modules of 34 classes each - 170 total. Each class has its own HTML page.

Since I don't want to create a view for each class, I scaffolded an Aula model ("class" in Portuguese) and saved the HTML of each class in the model's DB, so I could use only the standard Show view paths to show the classes using their individual ids.

Controller code:

 def show
  @aula = set_aula
 end

These HTML pages are being stored in the database as strings and then being outputted on the Show view using the html_safe method.

#show view code: 
<%= @aula.aula.html_safe %>
#"aula" is the DB attribute with the html of each class

It rendered the HTML with no problems, and I got what I wanted. But since I'm creating a Rails app, I decided to use embedded Ruby code like <%= link_to %> and <% image_tag %> mixed with the HTML of the classes to create links and show images, and the problem is that these links are being outputted as strings as well, just like any other line, instead of being read and executed as actual Ruby code.

I've been doing a lot of research, but so far I can't find exactly how to make the ERB code be read properly.

Maybe I need to save the HTML in the DB using another data type, or I need to use another method to render the HTML.

Caio Graco
  • 2
    I understand the problem. But I do not understand why you store ERB in the database. Can you please explain what you try to achieve? – spickermann Nov 12 '15 at 16:03
  • Mainly to link pages together and to render pictures from the asset pipeline – Caio Graco Nov 12 '15 at 16:19
  • 1
    And why do you need to store them in the database instead of files? – spickermann Nov 12 '15 at 16:23
  • 1
    Are you building a CMS of some kind? I agree with @spickerman there is no need to store this in the DB that I can think of. – engineersmnky Nov 12 '15 at 16:24
  • You can do those things without storing the HTML and ERB in the database. You haven't given us enough detailed information to help you with detailed answers; "[GIGO](https://en.wikipedia.org/wiki/Garbage_in,_garbage_out)". Please update your question with minimal examples of the code showing how you're processing the data and rendering it. – the Tin Man Nov 12 '15 at 16:25
  • Updated! Check it out – Caio Graco Nov 12 '15 at 16:44

1 Answer


First, I'll answer your question, then make a suggestion that you think very carefully before using this approach.

The answer in the post https://stackoverflow.com/a/14351129/483133 shows how to render ERB directly from stored HTML text. Modifying this, here is some code you could use:

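def show_html
   html = @aula.aula
   # ERB executes any Ruby embedded in the stored text, on the server
   template = ERB.new(html)
   # result without a binding evaluates at the top level (self is main)
   template.result.html_safe
end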

# Run this from your controller action, for example, with

def show
  @aula = set_aula      
end

# inside your view show.erb.html 

<%= show_html %>

Warning

I would strongly recommend against finding a solution that allows Ruby code stored in the database to be run. If the pages are able to be written in any way by end users, rather than trusted software developers, then you have opened a huge security hole. Any Ruby code could be run on your server.

I would suggest you consider using a client-side rendering solution (such as Handlebars: http://handlebarsjs.com/ ), which allows for basic rendering of data dynamically in HTML, while not allowing code to be run on your server.

Phil
  • The classes won't be added or edited by outside users, just by a trusted admin that, in this case, would be me. Only admin have access to the Aula's controller actions – Caio Graco Nov 12 '15 at 17:47
  • Phil, what code would I have to add to the view to make the show_html method be rendered? – Caio Graco Nov 13 '15 at 14:14
  • See my updated response to see how to instruct rails to render the ERB template text – Phil Nov 13 '15 at 14:27
  • Thanks! But now I got just plain HTML code being rendered, without the CSS being applied. What should I do on the view file? – Caio Graco Nov 13 '15 at 14:50
  • OK - makes sense. Treat the show_html method like a render partial in your show view. See my edits. – Phil Nov 13 '15 at 14:59
  • Where would the show_html method go? Would it be a helper, or private method? And I keep getting just plain code being rendered, probably as a big string. I can get the CSS being applied to the code only when I call "html_safe" – Caio Graco Nov 13 '15 at 15:00
  • I changed the code in the show method of the controller back to that you had originally. Now, the view/aulas.show.erb.html file should have <%= show_html %> where you originally had <%= @aula.aula.html_safe %>. It appears that I needed to add html_safe to the end of the show_html method. I'll update the response right now. Check all of the code in the answer again to see if it matches yours now. – Phil Nov 13 '15 at 15:40
  • Alright! Now the methods inside the HTML are being read, but I got an error message: undefined method `image_tag' for main:Object. I used some image_tag helpers to get some images from the asset pipeline, and now they are raising errors. But thank you for your support so far! – Caio Graco Nov 13 '15 at 15:52
  • Ok - sounds like those are different issues. Consider marking this answer as "accepted" then post a new question if needed. – Phil Nov 13 '15 at 20:27
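
The risk named in the answer's warning, next to a server-side analogue of the logic-less templating it recommends, as an added example (not code from the question or the answer, and not Handlebars itself). The `{{image ...}}` / `{{aula_link ...}}` placeholder syntax, the `/assets/` and `/aulas/` URL shapes and the sample lesson text are assumptions made for illustration.

```ruby
require 'erb'

# Constructed sample of stored lesson text (hypothetical, not from the page).
STORED_HTML = '<h1>Aula 1</h1>{{image "aula1.png"}} ' \
              '{{aula_link 2 "Next class"}}<%= 6 * 7 %>'

H = ERB::Util.method(:html_escape)

# Allowlist: placeholder name -> renderer. Arguments are data only and are
# HTML-escaped; the URL shapes are assumptions for this example.
RENDERERS = {
  'image'     => ->(file) { %(<img src="/assets/#{H.call(file)}">) },
  'aula_link' => ->(id, label) { %(<a href="/aulas/#{Integer(id, 10)}">#{H.call(label)}</a>) }
}.freeze

# {{name arg ...}} where each arg is a double-quoted string or an integer.
TOKEN = /\{\{\s*(\w+)((?:\s+(?:"[^"]*"|\d+))*)\s*\}\}/

# What the answer's show_html does: every <% %> tag in the text runs as Ruby.
def render_with_erb(text)
  ERB.new(text).result
end

# Non-evaluating alternative: only allowlisted placeholders are expanded.
def render_placeholders(text)
  inert = text.gsub('<%', '&lt;%') # ERB tags become visible text
  inert.gsub(TOKEN) do |whole|
    name = Regexp.last_match(1)
    args = Regexp.last_match(2).scan(/"([^"]*)"|(\d+)/).map { |str, num| str || num }
    renderer = RENDERERS[name]
    begin
      # Unknown names, wrong arity or a non-numeric id stay visible as text.
      next H.call(whole) unless renderer && renderer.arity == args.size
      renderer.call(*args)
    rescue ArgumentError
      H.call(whole)
    end
  end
end

if $PROGRAM_NAME == __FILE__
  puts render_with_erb(STORED_HTML)     # the embedded expression was executed
  puts render_placeholders(STORED_HTML) # the expression is shown, not run
end
```

The placeholder renderer removes server-side code execution only: the stored HTML itself is still emitted as written, so it remains content that only a trusted author should be able to edit.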