Rails - Nov 2006 - Is textilize bad?

Hi,

I''m reading "Beginning Ruby on Rails E-Commerce".
On page 398, it says:

Caution: Although textilize is a cool quick-and-dirty helper, as a rule 
of thumb, it should never be used in a production setting.


What''s wrong with textilize?
What''s a better alternative?

Thanks.

Sam

-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
 You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

I don''t know, since I don''t have that book. I am guessing its
something to
do with security. I have been using it in production since like ages and its
pretty helpful rather ''never used''.

On 11/16/06, Sam Kong
<rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org>
wrote:
>
>
> Hi,
>
> I''m reading "Beginning Ruby on Rails E-Commerce".
> On page 398, it says:
>
> Caution: Although textilize is a cool quick-and-dirty helper, as a rule
> of thumb, it should never be used in a production setting.
>
>
> What''s wrong with textilize?
> What''s a better alternative?
>
> Thanks.
>
> Sam
>
> --
> Posted via http://www.ruby-forum.com/.
>
> >
>

--~--~---------~--~----~------------~-------~--~----~
 You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Problems with textilize? Thats a new one for me.


--~--~---------~--~----~------------~-------~--~----~
 You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

> I''m reading "Beginning Ruby on Rails E-Commerce".
> On page 398, it says:
>
> Caution: Although textilize is a cool quick-and-dirty helper, as a rule
> of thumb, it should never be used in a production setting.
>
>
> What''s wrong with textilize?
> What''s a better alternative?
I haven''t used it myself, but textile is redcloth... and I seem to 
remember a thread awhile back (not even sure it was this group) about 
redcloth vs bluecloth and speed issues...  So maybe textile is kind of 
slow?

But again, I haven''t used it, so could be completely wrong.  Search
google
for textile/redcloth/bluecloth for more...

--~--~---------~--~----~------------~-------~--~----~
 You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Philip Hallstrom wrote:
>> I''m reading "Beginning Ruby on Rails E-Commerce".
>> On page 398, it says:
>>
>> Caution: Although textilize is a cool quick-and-dirty helper, as a rule
>> of thumb, it should never be used in a production setting.
>>
>>
>> What''s wrong with textilize?
>> What''s a better alternative?
>>     
>
> I haven''t used it myself, but textile is redcloth... and I seem to
> remember a thread awhile back (not even sure it was this group) about 
> redcloth vs bluecloth and speed issues...  So maybe textile is kind of 
> slow?
>
> But again, I haven''t used it, so could be completely wrong. 
Search google
> for textile/redcloth/bluecloth for more...
>
> >
>   
I believe in this context the authors were saying that it was bad to use 
on text on each render.  You are going to want to cache your pages 
and/or textilize the text as it goes into the db so you do not get a 
large speed hit on each page render.

Matthew Margolis
blog.mattmargolis.net

--~--~---------~--~----~------------~-------~--~----~
 You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Philip Hallstrom wrote:
> I haven''t used it myself, but textile is redcloth... and I seem to
> remember a thread awhile back (not even sure it was this group) about
> redcloth vs bluecloth and speed issues...  So maybe textile is kind of
> slow?
 That rings a bell. One solution to the speed problem is to cache the 
textilized text int he database along with the original source. That way 
you only do the translation once after an edit, and the textilized 
version can be pulled from he DB when needed. This is a tactic I''d use 
for any formatting language used on a high-traffic site.

Dougal.

-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
 You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Douglas Shearer wrote:
>  That rings a bell. One solution to the speed problem is to cache the 
> textilized text int he database along with the original source. That way 
> you only do the translation once after an edit, and the textilized 
> version can be pulled from he DB when needed. This is a tactic I''d
use
> for any formatting language used on a high-traffic site.
> 
I''d say that fragment caching is probably a simpler performance-focused
fix, rather than creating a more convoluted model.

The big problem with textilize (and any user-generated HTML) is that 
you''re leaving your app open for cross-site-scripting attacks if you 
don''t sanitize the HTML it produces, both tags and attributes.

My schtick about safe HTML is here:

http://www.kookdujour.com/blog/details/11

And I wrote a pretty flexible helper method to ensure safe user-created 
HTML.

-DJCP


-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
 You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Matthew Margolis wrote:
> I believe in this context the authors were saying that it was bad to use
> on text on each render.  You are going to want to cache your pages
> and/or textilize the text as it goes into the db so you do not get a
> large speed hit on each page render.
Bingo! The quote in the original post was part of a section called
"Rendering Speed".

//jarkko

--
Jarkko Laine
http://jlaine.net
http://dotherightthing.com
http://www.railsecommerce.com
http://odesign.fi


--~--~---------~--~----~------------~-------~--~----~
 You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---