Ruby on Rails: What are the disadvantages of Erubis and why is it not packaged with Rails by default? How do I configure it?

I just enabled Erubis by replacing the default renderer in Ruby on Rails. However, from what I can tell from reading about it, it excels in every respect.

It is much faster. It has many more options.
It can prevent cross-site scripting without using h.

Does it have any flaws compared to the standard ERB renderer? Why is it not the standard renderer packaged with Rails?

Also, the docs for Erubis say to install it by simply installing the gem and then adding the following to environment.rb:

    require 'erubis/helpers/rails_helper'
    #Erubis::Helpers::RailsHelper.engine_class = Erubis::Eruby # or Erubis::FastEruby

Reading the docs, FastEruby seems to be simply faster than Eruby. Why isn't it used by default, and why doesn't everyone use it?

I am very interested in using the Erubis::EscapedEruby engine, which automatically calls h to escape HTML in fields coming from the database. Are there any pitfalls I should know about, or does this pretty much solve all cross-site scripting problems?

+7
ruby-on-rails xss erubis
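To make the EscapedEruby question concrete, here is an added example (not code from the page, the Erubis gem or Rails) that rebuilds the EscapedEruby convention on top of stdlib ERB: automatic escaping for `<%= %>`, raw output for `<%== %>`, with the same five-character escape table Erubis::XmlHelper.escape_xml uses. It also shows the one limitation a practitioner should keep in mind: HTML escaping only protects text and quoted-attribute contexts.

```ruby
require 'erb'

# Added example: what Erubis::EscapedEruby's convention changes, rebuilt on
# stdlib ERB so it runs without the erubis gem (this is NOT the gem's code).
# Plain ERB, Rails 2's default, emits <%= expr %> verbatim unless you call h;
# EscapedEruby escapes <%= %> automatically and uses <%== %> for raw output.

# The five characters Erubis::XmlHelper.escape_xml replaces.
ESCAPE_TABLE = { '&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
                 '"' => '&quot;', "'" => '&#039;' }.freeze

def escape_xml(obj)
  obj.to_s.gsub(/[&<>"']/) { |c| ESCAPE_TABLE[c] }
end

# Plain ERB: nothing is escaped unless the template does it itself.
def render_plain(template, vars)
  ERB.new(template).result_with_hash(vars)
end

# EscapedEruby convention: wrap every <%= %> expression in escape_xml,
# turn <%== %> into an ordinary raw ERB expression, then render with ERB.
# Scriptlets (<% code %>) are left untouched.
def render_escaped(template, vars)
  src = template.gsub(/<%(==?)\s*(.*?)\s*%>/m) do
    expr = Regexp.last_match(2)
    Regexp.last_match(1) == '==' ? "<%= #{expr} %>" : "<%= escape_xml((#{expr})) %>"
  end
  ERB.new(src).result_with_hash(vars)
end

# Constructed untrusted value, standing in for a database column.
COMMENT = %q{<script>alert(1)</script> "quoted" & 'single'}

def demo
  {
    plain:    render_plain('<p><%= comment %></p>', comment: COMMENT),
    escaped:  render_escaped('<p><%= comment %></p>', comment: COMMENT),
    # <%== %> is the deliberate escape hatch: raw output, exactly like h-less ERB.
    raw:      render_escaped('<p><%== comment %></p>', comment: COMMENT),
    # Limitation: escaping only protects text and quoted attributes. In an
    # unquoted attribute a value containing none of the five characters can
    # still add its own attribute, so auto-escaping alone is not a complete fix.
    unquoted: render_escaped('<a title=<%= t %>>x</a>', t: 'one title=injected')
  }
end

puts demo.map { |k, v| "#{k}: #{v}" }
```

Quote every attribute you interpolate into, and audit each `<%== %>` the way you would audit an `h`-less `<%= %>` in plain ERB.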
2 answers

The Rails team agrees. Erubis is used by default in Rails 3 beta and will be used by default when Rails 3 is released. Yehuda Katz mentioned this on his blog, and Erubis is listed as a dependency for Action Pack in current Rails 3 beta versions.

+10

It is packaged by default as a dependency gem in Rails 4. You can find more information here: Ruby 2.1 with Erubis template

0
