Menu
I just discovered Erubis, a replacement for the default view renderer for Ruby on Rails. However, from what I can tell from reading about it, it's superior across the board.
It is much faster.
It has many more options.
It can prevent cross site scripting without having to use h.
Does this have any disadvantages versus the standard erb renderer? Why isn't this the standard renderer packaged with Rails?
Also, the docs for Erubis say to install it just by installing the gem, and then add the following to environment.rb:
require 'erubis/helpers/rails_helper'
#Erubis::Helpers::RailsHelper.engine_class = Erubis::Eruby # or Erubis::FastEruby
Reading the docs, FastEruby seems to be just a faster renderer than Eruby. Why wouldn't it be default and used by everyone?
I'm highly interested in using the engine erubis::EscapedEruby which automatically calls h to escape html on fields from the database. Are there any gotchas I should be aware of or does this pretty much solve all cross site scripting?
622
The Rails team agrees. Erubis is the default in Rails 3 beta versions, and will be the default when Rails 3 is released. Yehuda Katz mentioned it in his blog, and Erubis is listed as a dependency for Action Pack in the current Rails 3 betas.
185
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
