I'm trying to build a CMS in Rails from scratch, and for showing the user-generated pages I'm having trouble deciding exactly how to do it.

The way I have it right now, I have a controller named 'content' with a single action called 'show'. In routes.rb I have a rule that passes any name after the name of the website to the content controller, show action with parameter name.

For example, www.mysite.com/about_us would route to

:controller => 'content', :action => 'show', :page => 'about_us'

Inside the content controller, I do a find on the Pages model to locate the named page:

@markup = Page.find_by_name(params[:page])

And then in the show.html.erb view I use the raw helper to display the content:

<%= raw @markup.text %>

Does this method violate anything about the way I should be doing things in Rails? Or is this an OK solution?

A: 

Try this link: http://guides.rubyonrails.org/getting_started.html. It in fact creates a CMS as a startup example for learning Rails. It is not fully complete, but it will be of great use.

Saran
I already went through the tutorial; I'm looking for stuff that is a little more specific than what is in there.
jvedi
A: 

I ended up using the sanitize helper; by default it removes <script> tags, which is essentially what you need to prevent XSS, as far as I understand. For those who have found this via a search, the only code that changes from what I described above is that in the view you change to:

<%= sanitize @markup.text %>
jvedi