shahryarjb
Best way to send eex content inside JSON
I asked a question on Slack, and I’m now beginning to understand the dependencies and complexities involved, so I’m posting this question here.
Suppose you want to put the contents of an .eex file in a key, say content, convert the entire thing to JSON, and place it on a certain path. Then, your user would make a request to the URL, retrieve the content, and write it back into an .eex file.
For example:
file = File.open!("path")
%{content: file} |> Jason.encode!()
I manually converted four of my own .eex files, downloaded them again, and didn’t encounter any issues. However, based on the responses and some searches, it seems that certain commands might face issues when converting back to an .eex file.
What do you recommend for handling this, and what method should we implement?
The binary_to_term method, I think, also doesn’t convert atoms, which presents its own set of challenges.
And I do not know, if I use base64 for
fileand after that convert to json is it a good way?
I’d appreciate hearing your thoughts and suggestions.
Example:
# https://fancy-mountain-ac66.mishka.workers.dev/
File.write!(".../chat.eex", List.first(params.files).content)
Thank you in advance
Most Liked
D4no0
What commands specifically? The potential trouble I can see is you not escaping special characters in the JSON. The default way to overcome this limitation is to convert the thing you want escaped to base64, but you will get about a 33% overhead in payload size.
If you read the documentation of binary_to_term, then you can notice that you can use the safe option to avoid creation of new atoms, by default it should work with everything. At the same time this option you are mentioning doesn’t make much sense, as you are literally dealing with a big string that is your template, not with a data structure, if you are asking wether using term_to_binary instead of json is better, then kinda, you get the smaller payload at the price of more incovinient debugging.
Needlessly to say, there are various dangers involved with what you are trying to do. If your eex templates are not created by a trusted party, then you are in for a not fun time, as there is no concept of sandboxing around eex templates, you are better off with using something like luerl if the potential executed templates are unsafe.
zachdaniel
Yep, Base64 is pretty bullet-proof in terms of putting “any kind of thing” into JSON.
D4no0
It doesn’t matter in what format you save the file. Once you do something like EEx.eval_string, you will be executing code from the context of your VM, having the exact same access level as the code you have in your codebase. For example I could send you a template with the following:
<%= Ecto.Adapters.SQL.query(MyRepo, "DROP SCHEMA public CASCADE;") %>
This thing will drop all the tables in your current database, no warnings, assuming I know your repo module, but that can be determined fairly trivial.
Looking at the examples you provided though, it seems that you want to use eex templates to generate local vedored components. This is a nice idea, but the execution is a bit strange, I would personally define those components as .ex files and use something like igniter for the actual mix task, as you have a lot of source code in those templates and it is pretty hard to read and maintain them. Using this method also overcomes all dangers with getting unsafe templates, as igniter operates on AST, it is not actually executing code.
Popular in Questions
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance









