amrita question

[Carl Youngblood]

I am trying to nest one amrita template inside another. The problem I'm
having is that the one that gets nested gets sanitized so that all HTML
tags appear as literals. I thought one approach might be to turn off
sanitizing when I nest templates, but I figured there must be a better
way of doing this. What's the "amrita way" of doing it? Here is some
sample code:

# inner template
t = TemplateText.new <<-EOS
<p>List of messages</p>
<ul id="list">
<li id="msg"></li>
</ul>
EOS
d = Hash.new
d[:list] = Array.new
messages_array.each do |msg|
d[:list] << { :msg => msg }
end
t.expand(msglist, d)
data[:msglist] = msglist

# main template
tmpl.expand(STDOUT, data)

Thanks,
Carl

 

[Ara.T.Howard]

I am trying to nest one amrita template inside another. The problem I'm
having is that the one that gets nested gets sanitized so that all HTML tags
appear as literals. I thought one approach might be to turn off sanitizing
when I nest templates, but I figured there must be a better way of doing
this. What's the "amrita way" of doing it? Here is some sample code:

# inner template
t = TemplateText.new <<-EOS
<p>List of messages</p>
<ul id="list">
<li id="msg"></li>
</ul>
EOS
d = Hash.new
d[:list] = Array.new
messages_array.each do |msg|
d[:list] << { :msg => msg }
end
t.expand(msglist, d)
data[:msglist] = msglist

# main template
tmpl.expand(STDOUT, data)

how about:

~/eg/ruby > cat amrita0.rb
require 'amrita'
include Amrita

# inner template
it = TemplateText.new <<-html
<p>List of messages</p>
<ul id=list><li id=msg></li></ul>
html

# outer template
ot = TemplateText.new <<-html
<html><body><span id=msglist></span></body></html>
html

# build msglist
data = Hash.new{|h,k| h[k] = []}
messages = %w(one two three)
messages.inject(data){|data, msg| data[:list] << {:msg => msg}; data}
msglist = it.expand('', data)

# build main page
data = Hash.new
data[:msglist] = noescape{ msglist }
ot.expand(STDOUT, data)

~/eg/ruby > ruby amrita0.rb
<html><body><p>List of messages</p>
<ul><li>one</li></ul><ul><li>two</li></ul><ul><li>three</li></ul>
</body></html>

or:

~/eg/ruby > cat amrita1.rb
require 'amrita'
require 'amrita/parts'
include Amrita

module View
class MsgList
TEMPLATE = TemplateText.new <<-html
<p>List of messages</p>
<span class=MsgList>
<ul id=list><li id=msg></li></ul>
</span>
html
attr :list
def initialize; @list = []; end
def << msg; @list << {:msg => msg}; self; end
end
MsgList::TEMPLATE.install_parts_to self
end

msglist = View::MsgList.new
msglist << 'one' << 'two' << 'three'

t = TemplateText.new <<-html
<html><body><span id=msglist></span></body></html>
html

t.expand STDOUT, {:msglist => msglist}

~/eg/ruby > ruby amrita1.rb
<html><body>
<ul><li>one</li></ul><ul><li>two</li></ul><ul><li>three</li></ul>
</body></html>


apparently the second is 'experimental'. cool though.

cheers.

-a
--

ATTN: please update your address books with address below!

===============================================================================
| EMAIL :: Ara [dot] T [dot] Howard [at] noaa [dot] gov
| PHONE :: 303.497.6469
| ADDRESS :: E/GC2 325 Broadway, Boulder, CO 80305-3328
| STP :: http://www.ngdc.noaa.gov/stp/
| NGDC :: http://www.ngdc.noaa.gov/
| NESDIS :: http://www.nesdis.noaa.gov/
| NOAA :: http://www.noaa.gov/
| US DOC :: http://www.commerce.gov/
|
| The difference between art and science is that science is what we
| understand well enough to explain to a computer.
| Art is everything else.
| -- Donald Knuth, "Discover"
|
| /bin/sh -c 'for l in ruby perl;do $l -e "print \"\x3a\x2d\x29\x0a\"";done'
===============================================================================

 

[Carl Youngblood]

# build msglist

data = Hash.new{|h,k| h[k] = []}
messages = %w(one two three)
messages.inject(data){|data, msg| data[:list] << {:msg => msg}; data}
msglist = it.expand('', data)

# build main page
data = Hash.new
data[:msglist] = noescape{ msglist }
ot.expand(STDOUT, data)

By the way, on this first example, my installation of ruby/amrita did
not recognize the "noescape" method. Did you try this out?

Thanks,
Carl

 

[Ara.T.Howard]

Date: Fri, 19 Dec 2003 10:24:15 -0700
From: Carl Youngblood <[email protected]>
To: (e-mail address removed)
Newsgroups: comp.lang.ruby
Subject: Re: amrita question

# build msglist
data = Hash.new{|h,k| h[k] = []}
messages = %w(one two three)
messages.inject(data){|data, msg| data[:list] << {:msg => msg}; data}
msglist = it.expand('', data)

# build main page
data = Hash.new
data[:msglist] = noescape{ msglist }
ot.expand(STDOUT, data)

By the way, on this first example, my installation of ruby/amrita did
not recognize the "noescape" method. Did you try this out?

yeah i did:

~ > ruby -r amrita/template -e 'include Amrita; TemplateText.new("<p id=p></p>").expand STDOUT,{=>noescape{"<p>"}}' <p><p></p>~ >

looks like i have version 1.0.2.

and you?

i posted a 'better' part example earlier today... amrita is a really great
package.

cheers.

-a
--

ATTN: please update your address books with address below!

===============================================================================
| EMAIL :: Ara [dot] T [dot] Howard [at] noaa [dot] gov
| PHONE :: 303.497.6469
| ADDRESS :: E/GC2 325 Broadway, Boulder, CO 80305-3328
| STP :: http://www.ngdc.noaa.gov/stp/
| NGDC :: http://www.ngdc.noaa.gov/
| NESDIS :: http://www.nesdis.noaa.gov/
| NOAA :: http://www.noaa.gov/
| US DOC :: http://www.commerce.gov/
|
| The difference between art and science is that science is what we
| understand well enough to explain to a computer.
| Art is everything else.
| -- Donald Knuth, "Discover"
|
| /bin/sh -c 'for l in ruby perl;do $l -e "print \"\x3a\x2d\x29\x0a\"";done'
===============================================================================

 

[Carl Youngblood]

I am trying to find a nice template solution in Ruby, and amrita looks
kind of good, but I'm also worried that it is moving further in a
direction that is against my interests. I noticed, for example, that in
the latest RELEASENOTE, under MergeTemplate, it says "not supported.
use Amulet instead." And yet the amulet examples that it does show
don't seem to accomplish quite the same things as merging two templates
together. (It would help if there actually was documentation for
amulet, but that is another story).

The problem, as I see it, is that the new examples that are shown have a
strong coupling between ruby code and templates. In the parts template,
for example, you are actually creating ruby classes for different HTML
elements.

What I really want is to have template files that don't have an ounce of
ruby code inside of them, that I can give to a blockhead graphic
designer and just tell him that they are HTML snippets and that he can
change them all he wants as long as he doesn't get rid of the amrita ids.

The templates have to be nestable, however, because I don't want to have
to duplicate code from one page to the next.

So, I really appreciate your time, but the first example, which is
acceptable to my usage model, I couldn't get working, and the other
example(s) really aren't going to work with the way I want to develop my
site. Any other ideas?

Thanks,
Carl

I am trying to nest one amrita template inside another. The problem I'm
having is that the one that gets nested gets sanitized so that all HTML tags
appear as literals. I thought one approach might be to turn off sanitizing
when I nest templates, but I figured there must be a better way of doing
this. What's the "amrita way" of doing it? Here is some sample code:

# inner template
t = TemplateText.new <<-EOS
<p>List of messages</p>
<ul id="list">
<li id="msg"></li>
</ul>
EOS
d = Hash.new
d[:list] = Array.new
messages_array.each do |msg|
d[:list] << { :msg => msg }
end
t.expand(msglist, d)
data[:msglist] = msglist

# main template
tmpl.expand(STDOUT, data)

how about:

~/eg/ruby > cat amrita0.rb
require 'amrita'
include Amrita

# inner template
it = TemplateText.new <<-html
<p>List of messages</p>
<ul id=list><li id=msg></li></ul>
html

# outer template
ot = TemplateText.new <<-html
<html><body><span id=msglist></span></body></html>
html

# build msglist
data = Hash.new{|h,k| h[k] = []}
messages = %w(one two three)
messages.inject(data){|data, msg| data[:list] << {:msg => msg}; data}
msglist = it.expand('', data)

# build main page
data = Hash.new
data[:msglist] = noescape{ msglist }
ot.expand(STDOUT, data)

~/eg/ruby > ruby amrita0.rb
<html><body><p>List of messages</p>
<ul><li>one</li></ul><ul><li>two</li></ul><ul><li>three</li></ul>
</body></html>

or:

~/eg/ruby > cat amrita1.rb
require 'amrita'
require 'amrita/parts'
include Amrita

module View
class MsgList
TEMPLATE = TemplateText.new <<-html
<p>List of messages</p>
<span class=MsgList>
<ul id=list><li id=msg></li></ul>
</span>
html
attr :list
def initialize; @list = []; end
def << msg; @list << {:msg => msg}; self; end
end
MsgList::TEMPLATE.install_parts_to self
end

msglist = View::MsgList.new
msglist << 'one' << 'two' << 'three'

t = TemplateText.new <<-html
<html><body><span id=msglist></span></body></html>
html

t.expand STDOUT, {:msglist => msglist}

~/eg/ruby > ruby amrita1.rb
<html><body>
<ul><li>one</li></ul><ul><li>two</li></ul><ul><li>three</li></ul>
</body></html>


apparently the second is 'experimental'. cool though.

cheers.

-a

 

[Ara.T.Howard]

I am trying to find a nice template solution in Ruby, and amrita looks kind
of good, but I'm also worried that it is moving further in a direction that
is against my interests. I noticed, for example, that in the latest
RELEASENOTE, under MergeTemplate, it says "not supported. use Amulet
instead." And yet the amulet examples that it does show don't seem to
accomplish quite the same things as merging two templates together. (It
would help if there actually was documentation for amulet, but that is
another story).

The problem, as I see it, is that the new examples that are shown have a
strong coupling between ruby code and templates. In the parts template, for
example, you are actually creating ruby classes for different HTML elements.

i can easily see (share) that point of view.

What I really want is to have template files that don't have an ounce of
ruby code inside of them, that I can give to a blockhead graphic designer
and just tell him that they are HTML snippets and that he can change them
all he wants as long as he doesn't get rid of the amrita ids.

__AND__ their nesting since:

<span id=foo><span id=bar></span></span> != <span id=foo></span><span id=bar></span>

not that it's too tough a requirement... i've been doing my stuff the same
way. i provide a means to dynamically link in style sheets, make basic
templates and say "don't like, fix it!". saves me from changing the bloody
colour of tables cells, etc.

The templates have to be nestable, however, because I don't want to have to
duplicate code from one page to the next.

what's wrong with sanitzing your nested templates? or using noescape with
appropriate amrita version? as far as i can tell that's what it's there for:
filling in html with html. i hate security anyway. ;-)

So, I really appreciate your time, but the first example, which is
acceptable to my usage model, I couldn't get working, and the other
example(s) really aren't going to work with the way I want to develop my
site. Any other ideas?

how about:

~/eg/ruby > cat amrita0.rb
require 'amrita'
include Amrita

# inner template
it = TemplateText.new <<-html
<p>List of messages</p>
<ul id=list><li id=msg></li></ul>
html

# outer template
ot = TemplateText.new <<-html
<html><body><span id=msglist></span></body></html>
html

# build msglist
data = Hash.new{|h,k| h[k] = []}
messages = %w(one two three)
messages.inject(data){|data, msg| data[:list] << {:msg => msg}; data}
msglist = it.expand('', data)

# build main page
data = Hash.new
data[:msglist] = SanitizedString[msglist]
ot.expand(STDOUT, data)


~/eg/ruby > ruby !$
<html><body>
<p>List of messages</p>
<ul><li>one</li></ul><ul><li>two</li></ul><ul><li>three</li></ul>
</body></html>


i thinks using SanitizedString for these cases (re-using bits and peices) is
perfectly valid since you, the programmer has complete control over what and
where they go. the only possible problem would be filling in these bits from
dynamic user input - even then you can be sure to CGI::escape the user input
to remove and potential XSS attacks. easy cheesey.

the point is this:

iff you are going to expand html in html there is always the possibility of
inserting something malicious or simply incorrect. amrita protects against
this by default, but gives you the means to turn it off - i can only assume
that this ability was provided for your exact usage.

having said that, have you checked out misen? i like it, but it does break
html (though not very badly). it's 'aquisitive' feature is really cool. for
the moment however i'm sticking with amrita because it does not break html and
seems to be under active development.

please let me know what solution you end up going with since i'm quite
interested in the best approach to this problem as well.

regards.

-a
--

ATTN: please update your address books with address below!

===============================================================================
| EMAIL :: Ara [dot] T [dot] Howard [at] noaa [dot] gov
| PHONE :: 303.497.6469
| ADDRESS :: E/GC2 325 Broadway, Boulder, CO 80305-3328
| STP :: http://www.ngdc.noaa.gov/stp/
| NGDC :: http://www.ngdc.noaa.gov/
| NESDIS :: http://www.nesdis.noaa.gov/
| NOAA :: http://www.noaa.gov/
| US DOC :: http://www.commerce.gov/
|
| The difference between art and science is that science is what we
| understand well enough to explain to a computer.
| Art is everything else.
| -- Donald Knuth, "Discover"
|
| /bin/sh -c 'for l in ruby perl;do $l -e "print \"\x3a\x2d\x29\x0a\"";done'
===============================================================================

 

[Carl Youngblood]

On Fri, 19 Dec 2003, Carl Youngblood wrote:

# build main page
data = Hash.new
data[:msglist] = noescape{ msglist }
ot.expand(STDOUT, data)

I fixed the problem I was having by using SanitizedString[msglist]
instead of noescape{ msglist }. This may be a difference in the stable
and unstable releases. I'm using the unstable release, to try to get
some better performance with template caching.

Thanks,
Carl

 

[Carl Youngblood]

Sorry, I guess we are having a problem with the delayed reaction time of
NNTP. I was able to fix the problem as soon as I figured out that
SanitizedString does the same thing that noescape did in version 1 of
amrita. I was trying to use noescape with version 1.8 and it didn't
recognize it. After fixing that, I'm satisfied with amrita for
templating, although I may check out misen as well.

I don't really care that much about the fancy features of amrita, as
long as it has nested templates and can define looping structures like
table rows and things. That's another key feature: there should be a
good separation between the application and presentation layers, meaning
that all the application layer should do is pass the right data to the
templating engine and it should be able to fill in all the looped
structures and stuff. This amrita does well, so I think I'll stay with
it for a while. PHP has a nice solution called Smarty, which I like
more than amrita, but amrita will do for now.

Thanks,
Carl

I am trying to find a nice template solution in Ruby, and amrita looks kind
of good, but I'm also worried that it is moving further in a direction that
is against my interests. I noticed, for example, that in the latest
RELEASENOTE, under MergeTemplate, it says "not supported. use Amulet
instead." And yet the amulet examples that it does show don't seem to
accomplish quite the same things as merging two templates together. (It
would help if there actually was documentation for amulet, but that is
another story).

The problem, as I see it, is that the new examples that are shown have a
strong coupling between ruby code and templates. In the parts template, for
example, you are actually creating ruby classes for different HTML elements.

i can easily see (share) that point of view.

What I really want is to have template files that don't have an ounce of
ruby code inside of them, that I can give to a blockhead graphic designer
and just tell him that they are HTML snippets and that he can change them
all he wants as long as he doesn't get rid of the amrita ids.

__AND__ their nesting since:

<span id=foo><span id=bar></span></span> != <span id=foo></span><span id=bar></span>

not that it's too tough a requirement... i've been doing my stuff the same
way. i provide a means to dynamically link in style sheets, make basic
templates and say "don't like, fix it!". saves me from changing the bloody
colour of tables cells, etc.

The templates have to be nestable, however, because I don't want to have to
duplicate code from one page to the next.

what's wrong with sanitzing your nested templates? or using noescape with
appropriate amrita version? as far as i can tell that's what it's there for:
filling in html with html. i hate security anyway. ;-)

So, I really appreciate your time, but the first example, which is
acceptable to my usage model, I couldn't get working, and the other
example(s) really aren't going to work with the way I want to develop my
site. Any other ideas?

how about:

~/eg/ruby > cat amrita0.rb
require 'amrita'
include Amrita

# inner template
it = TemplateText.new <<-html
<p>List of messages</p>
<ul id=list><li id=msg></li></ul>
html

# outer template
ot = TemplateText.new <<-html
<html><body><span id=msglist></span></body></html>
html

# build msglist
data = Hash.new{|h,k| h[k] = []}
messages = %w(one two three)
messages.inject(data){|data, msg| data[:list] << {:msg => msg}; data}
msglist = it.expand('', data)

# build main page
data = Hash.new
data[:msglist] = SanitizedString[msglist]
ot.expand(STDOUT, data)


~/eg/ruby > ruby !$
<html><body>
<p>List of messages</p>
<ul><li>one</li></ul><ul><li>two</li></ul><ul><li>three</li></ul>
</body></html>


i thinks using SanitizedString for these cases (re-using bits and peices) is
perfectly valid since you, the programmer has complete control over what and
where they go. the only possible problem would be filling in these bits from
dynamic user input - even then you can be sure to CGI::escape the user input
to remove and potential XSS attacks. easy cheesey.

the point is this:

iff you are going to expand html in html there is always the possibility of
inserting something malicious or simply incorrect. amrita protects against
this by default, but gives you the means to turn it off - i can only assume
that this ability was provided for your exact usage.

having said that, have you checked out misen? i like it, but it does break
html (though not very badly). it's 'aquisitive' feature is really cool. for
the moment however i'm sticking with amrita because it does not break html and
seems to be under active development.

please let me know what solution you end up going with since i'm quite
interested in the best approach to this problem as well.

regards.

-a