Cloud Foundry: Design and Architecture
Derek Collison discusses the goals, the design premises and patterns employed in creating the architecture of Cloud Foundry, VMware’s open source PaaS, unveiling internal architectural details.
News
The content has been bookmarked!
There was an error bookmarking this content! Please retry.
Safe User-Generated Templates for Ruby and .NET
Posted by Jonathan Allen on Dec 06, 2011
Unlike other templating engines that focus on given as much power as possible to the user, Liquid is designed to restrict what the user can do. The goal is to allow end-users to create their own templates without jeopardizing the security of the server.
Liquid was originally created for the eCommerce platform Shopify and has been in production use since 2006. Tim Jones ported the engine to .NET under the name DotLiquid. Both versions get their safety by not allowing templates to access the underlying platform. Instead they use a highly restricted instruction set that is primarily limited to simple functions, called “filters”, and conditional statements. The Liquid markup syntax is the same for both versions.
Rendering templates involves two steps. First the source code is parsed into a reusable Template object. Then when needed the template’s render method is called. Since templates have no access to Ruby/.NET variables, these have to be passed in using a dictionary of key-value pairs.
Developers can create their own filters to be leveraged by their users. New filters can be exposed to a specific template or registered globally. Either way, they are essentially a function that accepts and returns a string. New tag blocks are somewhat more complicated, requiring both an initialization and a rendering phase. Fortunately most of the messiness is handled by calls to the base class.
Jürgen Bäurle goes further, showing how to create SharePoint specific extensions for DotLiquid.
RelatedVendorContent
RDBMS to NoSQL: Managing the Transition
Automating Error Reporting for .NET Applications
Visual Studio vNext: ALM features for Agile Planning, Team Collaboration
Troubleshoot Java/.NET performance while getting full visibility in production
Looks useful - though somewhat hard for the end user to use directly
by
Roopesh Shenoy
Posted
Re: Looks useful - though somewhat hard for the end user to use directly
by
Roopesh Shenoy
Posted
-
We just use RTF templates when we need flexibility - sure it's a hassle parsing the RTF document, but our users find it much easier to customize their report templates.
Liquid.NET is useful when the developers themselves want to customize the reports, to maybe suit multiple profiles. It is like a DSL - it's quicker to develop something in it, but you can't expect a teacher/principal/clerk/bank manager, who is busy enough doing her job, to use this to customize their templates. -
Of course that's for reports to be printed - web templates are out of the question.
2 comments
Watch Thread Reply