Amrita question

I am trying to nest one amrita template inside another. The problem I’m
having is that the one that gets nested gets sanitized so that all HTML
tags appear as literals. I thought one approach might be to turn off
sanitizing when I nest templates, but I figured there must be a better
way of doing this. What’s the “amrita way” of doing it? Here is some
sample code:

# inner template

t = TemplateText.new <<-EOS

List of messages

EOS
d = Hash.new
d[:list] = Array.new
messages_array.each do |msg|
  d[:list] << { :msg => msg }
end
t.expand(msglist, d)
data[:msglist] = msglist

# main template

tmpl.expand(STDOUT, data)

Thanks,
Carl

how about:

~/eg/ruby > cat amrita0.rb
require 'amrita'
include Amrita

# inner template

it = TemplateText.new <<-html

List of messages

html

# outer template

ot = TemplateText.new <<-html

html

# build msglist

data = Hash.new{|h,k| h[k] = []}
messages = %w(one two three)
messages.inject(data){|data, msg| data[:list] << {:msg => msg}; data}
msglist = it.expand('', data)

# build main page

data = Hash.new
data[:msglist] = noescape{ msglist }
ot.expand(STDOUT, data)

~/eg/ruby > ruby amrita0.rb

List of messages

  • one
  • two
  • three

or:

~/eg/ruby > cat amrita1.rb
require 'amrita'
require 'amrita/parts'
include Amrita

module View
  class MsgList
    TEMPLATE = TemplateText.new <<-html

List of messages

    html
    attr :list
    def initialize; @list = []; end
    def << msg; @list << {:msg => msg}; self; end
  end
  MsgList::TEMPLATE.install_parts_to self
end

msglist = View::MsgList.new
msglist << 'one' << 'two' << 'three'

t = TemplateText.new <<-html

html

t.expand STDOUT, {:msglist => msglist}

~/eg/ruby > ruby amrita1.rb

  • one
  • two
  • three

apparently the second is ‘experimental’. cool though.

cheers.

-a


ATTN: please update your address books with address below!

===============================================================================

EMAIL :: Ara [dot] T [dot] Howard [at] noaa [dot] gov
PHONE :: 303.497.6469
ADDRESS :: E/GC2 325 Broadway, Boulder, CO 80305-3328
STP :: Solar-Terrestrial Physics Data | NCEI
NGDC :: http://www.ngdc.noaa.gov/
NESDIS :: http://www.nesdis.noaa.gov/
NOAA :: http://www.noaa.gov/
US DOC :: http://www.commerce.gov/

The difference between art and science is that science is what we
understand well enough to explain to a computer.
Art is everything else.
– Donald Knuth, “Discover”

/bin/sh -c ‘for l in ruby perl;do $l -e “print "\x3a\x2d\x29\x0a"”;done’
===============================================================================

# build msglist

data = Hash.new{|h,k| h[k] = []}
messages = %w(one two three)
messages.inject(data){|data, msg| data[:list] << {:msg => msg}; data}
msglist = it.expand('', data)

# build main page

data = Hash.new
data[:msglist] = noescape{ msglist }
ot.expand(STDOUT, data)

By the way, on this first example, my installation of ruby/amrita did
not recognize the “noescape” method. Did you try this out?

Thanks,
Carl

I am trying to find a nice template solution in Ruby, and amrita looks
kind of good, but I’m also worried that it is moving further in a
direction that is against my interests. I noticed, for example, that in
the latest RELEASENOTE, under MergeTemplate, it says “not supported.
use Amulet instead.” And yet the amulet examples that it does show
don’t seem to accomplish quite the same things as merging two templates
together. (It would help if there actually was documentation for
amulet, but that is another story).

The problem, as I see it, is that the new examples that are shown have a
strong coupling between ruby code and templates. In the parts template,
for example, you are actually creating ruby classes for different HTML
elements.

What I really want is to have template files that don’t have an ounce of
ruby code inside of them, that I can give to a blockhead graphic
designer and just tell him that they are HTML snippets and that he can
change them all he wants as long as he doesn’t get rid of the amrita ids.

The templates have to be nestable, however, because I don’t want to have
to duplicate code from one page to the next.

So, I really appreciate your time, but the first example, which is
acceptable to my usage model, I couldn’t get working, and the other
example(s) really aren’t going to work with the way I want to develop my
site. Any other ideas?

Thanks,
Carl


Ara.T.Howard wrote:

···

On Fri, 19 Dec 2003, Carl Youngblood wrote:

# build main page

data = Hash.new
data[:msglist] = noescape{ msglist }
ot.expand(STDOUT, data)

I fixed the problem I was having by using SanitizedString[msglist]
instead of noescape{ msglist }. This may be a difference in the stable
and unstable releases. I’m using the unstable release, to try to get
some better performance with template caching.

Thanks,
Carl

From: Carl Youngblood [mailto:carl@ycs.biz]
So, I really appreciate your time, but the first example, which is
acceptable to my usage model, I couldn’t get working, and the other
example(s) really aren’t going to work with the way I want to develop my
site. Any other ideas?

noescape {} should work: what version of Amrita/Ruby are you running? Did
you include Amrita?

In Amrita 1.02, noescape is defined on line 715 of amrita/format.rb. I’m
pushing the point because it’s a good solution to your problems, and it’s a
bit odd that it’s failing…

David
http://homepages.ihug.com.au/~naseby/

yeah i did:

~ > ruby -r amrita/template -e 'include Amrita; TemplateText.new("

").expand STDOUT,{:p=>noescape{"

"}}'

~ >

looks like i have version 1.0.2.

and you?

i posted a ‘better’ part example earlier today… amrita is a really great
package.

cheers.

-a

···

On Fri, 19 Dec 2003, Carl Youngblood wrote:

Date: Fri, 19 Dec 2003 10:24:15 -0700
From: Carl Youngblood carl@ycs.biz
To: Ara.T.Howard@noaa.gov
Newsgroups: comp.lang.ruby
Subject: Re: amrita question

# build msglist

data = Hash.new{|h,k| h[k] = []}
messages = %w(one two three)
messages.inject(data){|data, msg| data[:list] << {:msg => msg}; data}
msglist = it.expand('', data)

# build main page

data = Hash.new
data[:msglist] = noescape{ msglist }
ot.expand(STDOUT, data)

By the way, on this first example, my installation of ruby/amrita did
not recognize the “noescape” method. Did you try this out?


I am trying to find a nice template solution in Ruby, and amrita looks kind
of good, but I’m also worried that it is moving further in a direction that
is against my interests. I noticed, for example, that in the latest
RELEASENOTE, under MergeTemplate, it says “not supported. use Amulet
instead.” And yet the amulet examples that it does show don’t seem to
accomplish quite the same things as merging two templates together. (It
would help if there actually was documentation for amulet, but that is
another story).

The problem, as I see it, is that the new examples that are shown have a
strong coupling between ruby code and templates. In the parts template, for
example, you are actually creating ruby classes for different HTML elements.

i can easily see (share) that point of view.

What I really want is to have template files that don’t have an ounce of
ruby code inside of them, that I can give to a blockhead graphic designer
and just tell him that they are HTML snippets and that he can change them
all he wants as long as he doesn’t get rid of the amrita ids.

AND their nesting since:

!=

not that it’s too tough a requirement… i’ve been doing my stuff the same
way. i provide a means to dynamically link in style sheets, make basic
templates and say “don’t like, fix it!”. saves me from changing the bloody
colour of table cells, etc.

The templates have to be nestable, however, because I don’t want to have to
duplicate code from one page to the next.

what’s wrong with sanitizing your nested templates? or using noescape with
appropriate amrita version? as far as i can tell that’s what it’s there for:
filling in html with html. i hate security anyway. :wink:

So, I really appreciate your time, but the first example, which is
acceptable to my usage model, I couldn’t get working, and the other
example(s) really aren’t going to work with the way I want to develop my
site. Any other ideas?

how about:

~/eg/ruby > cat amrita0.rb
require 'amrita'
include Amrita

# inner template

it = TemplateText.new <<-html

List of messages

html

# outer template

ot = TemplateText.new <<-html

html

# build msglist

data = Hash.new{|h,k| h[k] = []}
messages = %w(one two three)
messages.inject(data){|data, msg| data[:list] << {:msg => msg}; data}
msglist = it.expand('', data)

# build main page

data = Hash.new
data[:msglist] = SanitizedString[msglist]
ot.expand(STDOUT, data)

~/eg/ruby > ruby !$

List of messages


  • one
  • two
  • three

i think using SanitizedString for these cases (re-using bits and pieces) is
perfectly valid since you, the programmer, have complete control over what and
where they go. the only possible problem would be filling in these bits from
dynamic user input - even then you can be sure to CGI::escape the user input
to remove any potential XSS attacks. easy cheesey.

the point is this:

iff you are going to expand html in html there is always the possibility of
inserting something malicious or simply incorrect. amrita protects against
this by default, but gives you the means to turn it off - i can only assume
that this ability was provided for your exact usage.

having said that, have you checked out misen? i like it, but it does break
html (though not very badly). its ‘aquisitive’ feature is really cool. for
the moment however i’m sticking with amrita because it does not break html and
seems to be under active development.

please let me know what solution you end up going with since i’m quite
interested in the best approach to this problem as well.

regards.

-a
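
The trade-off discussed in this message, as an added example that is not part of the original thread and does not use amrita itself: `TrustedHTML` and `expand` are hypothetical stand-ins for `SanitizedString` and template expansion. It shows the double-escaped nesting from the original question, the trusted-fragment fix, and why user input must still be entity-escaped inside the inner template (`CGI.escapeHTML` does that; `CGI.escape` is URL-encoding).

```ruby
require 'cgi'

# Hypothetical stand-in for amrita's SanitizedString: a String subclass
# that the expander below trusts and emits verbatim.
class TrustedHTML < String; end

# Minimal expander (not amrita): fills {{key}} slots and HTML-escapes
# every value unless it was explicitly wrapped in TrustedHTML.
def expand(template, data)
  template.gsub(/\{\{(\w+)\}\}/) do
    value = data.fetch($1.to_sym)
    value.is_a?(TrustedHTML) ? value : CGI.escapeHTML(value.to_s)
  end
end

INNER = '<li>{{msg}}</li>'
OUTER = '<ul>{{msglist}}</ul>'

# The original symptom: the rendered inner fragment is passed as plain
# data, so its tags are escaped and show up as literals.
def render_page_double_escaped(messages)
  items = messages.map { |m| expand(INNER, msg: m) }.join
  expand(OUTER, msglist: items)
end

# The fix: escaping stays ON for each message inside the inner template,
# and only the finished, programmer-built fragment is marked trusted.
def render_page(messages)
  items = messages.map { |m| expand(INNER, msg: m) }.join
  expand(OUTER, msglist: TrustedHTML.new(items))
end

# The mistake to avoid: marking the user-supplied value itself as trusted.
def render_page_unsafe(messages)
  items = messages.map { |m| expand(INNER, msg: TrustedHTML.new(m)) }.join
  expand(OUTER, msglist: TrustedHTML.new(items))
end

# Constructed sample input: one plain message, one carrying markup.
SAMPLE = ['one', '<b>two</b>']

if __FILE__ == $0
  puts render_page_double_escaped(SAMPLE)
  puts render_page(SAMPLE)
  puts render_page_unsafe(SAMPLE)
  puts CGI.escape('<b>')      # URL-encoding, meant for query strings
  puts CGI.escapeHTML('<b>')  # entity-encoding, meant for HTML text
end
```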


I’m using the unstable 1.8.2 version. I just figured out that noescape
is not defined in this version, but you can accomplish the same thing
with SanitizedString["text to put in verbatim without escaping"]

Thanks,
Carl


Sorry, I guess we are having a problem with the delayed reaction time of
NNTP. I was able to fix the problem as soon as I figured out that
SanitizedString does the same thing that noescape did in version 1 of
amrita. I was trying to use noescape with version 1.8 and it didn’t
recognize it. After fixing that, I’m satisfied with amrita for
templating, although I may check out misen as well.

I don’t really care that much about the fancy features of amrita, as
long as it has nested templates and can define looping structures like
table rows and things. That’s another key feature: there should be a
good separation between the application and presentation layers, meaning
that all the application layer should do is pass the right data to the
templating engine and it should be able to fill in all the looped
structures and stuff. This amrita does well, so I think I’ll stay with
it for a while. PHP has a nice solution called Smarty, which I like
more than amrita, but amrita will do for now.

Thanks,
Carl
