Class: Cadenza::FilesystemLoader
- Inherits:
-
Object
- Object
- Cadenza::FilesystemLoader
- Defined in:
- lib/cadenza/filesystem_loader.rb
Overview
The FilesystemLoader is a very simple loader object which takes a given “root” directory and loads templates using the filesystem. Relative file paths from this directory should be used for template names.
This implemenation makes no attempt to be secure so upwards relative file paths could be used to load sensitive files into the output template.
“‘django
{# assuming you add /home/someuser as a loaded path #}
{{ load '../../etc/passwd' }}
“‘
If you allow loading to be used for insecure user content then consider using a more secure loader class such as ZipLoader or writing a simple loader for your database connection.
Instance Attribute Summary collapse
-
#path ⇒ String
The path on the filesystem to load relative to.
Instance Method Summary collapse
-
#initialize(path) ⇒ FilesystemLoader
constructor
creates a new FilesystemLoader with the given filesystem directory to load templates relative to.
-
#load_source(template) ⇒ String
loads and returns the given template’s content or nil if the file was not a file object (such as a directory).
-
#load_template(template) ⇒ DocumentNode
loads and parses the given template name using Parser.
Constructor Details
#initialize(path) ⇒ FilesystemLoader
creates a new Cadenza::FilesystemLoader with the given filesystem directory to load templates relative to.
25 26 27 |
# File 'lib/cadenza/filesystem_loader.rb', line 25 def initialize(path) @path = path end |
Instance Attribute Details
#path ⇒ String
Returns the path on the filesystem to load relative to.
20 21 22 |
# File 'lib/cadenza/filesystem_loader.rb', line 20 def path @path end |
Instance Method Details
#load_source(template) ⇒ String
loads and returns the given template’s content or nil if the file was not a file object (such as a directory).
33 34 35 36 37 38 39 |
# File 'lib/cadenza/filesystem_loader.rb', line 33 def load_source(template) filename = File.join(path, template) return unless File.file?(filename) File.read filename end |
#load_template(template) ⇒ DocumentNode
loads and parses the given template name using Parser. If the template could not be loaded then nil is returned.
45 46 47 48 49 50 51 52 53 |
# File 'lib/cadenza/filesystem_loader.rb', line 45 def load_template(template) source = load_source(template) if source return Cadenza::Parser.new.parse(source) else return nil end end |