I’ve finally found some time (thanks to the xmas break) to have a crack at a ‘safe’ Mustache implementation in Ruby. By this, I mean an implementation that allows for templates to be edited by end users without fear of jeopardising an app’s security. This is useful in many situations, for example in a CMS or to allow users to customise email responses etc.
In order to gain a full understanding of how Mustache works internally, I decided to first write a full Mustache implementation from the ground up. Once this was done, I looked at ways to implement ‘safe views’ using Liquid as inspiration. Tache meets the current Mustache spec,
apart from a few whitespace differences that I will be addressing shortly.
You can view the project on Github which contains the full documentation.
Happy New Year!