I have released Erubis 2.6.0.
http://www.kuwata-lab.com/erubis/
http://www.kuwata-lab.com/erubis/support/
Erubis is another eRuby implementation which is very fast and
extensible than ERB and eruby.
Enhancements from 2.5.0:
* Improved support of Ruby on Rails 2.0.2.
New class ActionView::TemplateHandlers::Erubis is defined and
registered as default handler of *.html.erb and *.rhtml.
* '<%% %>' and '<%%= %>' are converted into '<% %>' and '<%= %>'
respectively.
This is for compatibility with ERB.
ex1.rhtml:
<ul>
<%% for item in @list %>
<li><%%= item %></li>
<%% end %>
</ul>
result:
$ erubis ex1.rhtml
<ul>
<% for item in @list %>
<li><%= item %></li>
<% end %>
</ul>
* '<%= -%>' removes tailing spaces and newlines.
This is for compatibiliy with ERB when trim mode is '-'.
'<%= =%>' also removes tailing spaces and newlines, and this is
Erubis-original enhancement (cooler than '<%= -%>', isn't it?).
ex2.rhtml:
<div>
<%= @var -%> # or <%= @var =%>
</div>
result (version 2.6.0):
$ erubis -c '{var: "AAA\n"}' ex2.rhtml
<div>
AAA
</div>
result (version 2.5.0):
$ erubis -c '{var: "AAA\n"}' ex2.rhtml
<div>
AAA
</div>
* Erubis::Eruby.load_file() now allows you to change cache filename.
ex.
eruby = Erubis::Eruby.load_file("ex3.rhtml",
:cachename=>'ex3.rhtml.cache')
···
--
regards,
makoto kuwata
i do have the same security prob with this version, here is my Apache2
log :
[Mon May 05 17:51:45 2008] [notice] Apache/2.2.8 (Unix) mod_ssl/2.2.8
OpenSSL/0.9.8g DAV/2 mod_ruby/1.2.6 Ruby/1.8.6(2007-09-24) PHP/5.2.5
configured -- resuming normal operations
[Mon May 05 17:53:16 2008] [error] [client 127.0.0.1] File does not
exist: /Users/yt/Sites/favicon.ico
[Mon May 05 17:53:18 2008] [error] mod_ruby: error in ruby
[Mon May 05 17:53:18 2008] [error] mod_ruby:
/opt/local/lib/ruby/gems/1.8/gems/erubis-2.6.0/lib/erubis/evaluator.rb:6
2:in `eval': Insecure operation - eval (SecurityError)
[Mon May 05 17:53:18 2008] [error] mod_ruby: from
/opt/local/lib/ruby/gems/1.8/gems/erubis-2.6.0/lib/erubis/evaluator.rb:6
2:in `result'
[Mon May 05 17:53:18 2008] [error] mod_ruby: from
/Users/yt/Sites/erubis/example3.rbx:15
[Mon May 05 17:53:18 2008] [error] mod_ruby: from
/opt/local/lib/ruby/1.8/apache/ruby-run.rb:53:in `load'
[Mon May 05 17:53:18 2008] [error] mod_ruby: from
/opt/local/lib/ruby/1.8/apache/ruby-run.rb:53:in `handler'
example3.rbx is the same as yours, i've only changed extension to .rbx :
#! /usr/bin/env ruby -wx
# example3.rb
require 'rubygems'
require 'erubis'
input=File.read('example3.eruby')
eruby=Erubis::EscapedEruby.new(input)
puts "-------- script source ---"
puts eruby.src
puts "-------- result ----------"
list=['<aaa>', 'b&b', '"ccc"']
puts eruby.result(binding())
···
makoto kuwata <kwa@kuwata-lab.com> wrote:
I have released Erubis 2.6.0.
--
Une Bévue
kwa@kuwata-lab.com wrote:
* Improved support of Ruby on Rails 2.0.2.
New class ActionView::TemplateHandlers::Erubis is defined and
registered as default handler of *.html.erb and *.rhtml.
Doesn't work over here with Rails 2.0.2 and Erubis 2.6.0. The reason is
because ActionView::Base doesn't have methods
register_default_template_handler nor register_template_handler. Those are
now in ActionView::Template.
I've posted a bug at Erubis' tracker
(http://rubyforge.org/tracker/index.php?func=detail&aid=20015&group_id=1320&atid=5201\)
that includes the simple fix (change "Base.class_eval" to
"Template.class_eval").
Dave
···
--
View this message in context: http://www.nabble.com/-ANN--Erubis-2.6.0-released---a-fast-and-extensible-eRuby-tp17062146p17116985.html
Sent from the ruby-talk mailing list archive at Nabble.com.