Question

I'm looking at the Liquid templating language for Rails apps:

http://wiki.github.com/tobi/liquid/

I'd like my users to also be able to make AJAX calls (just like the ones in Rails for periodically_call_remote, observe_field, etc). Is this possible?

Assuming the Rails helpers can be added as filters, how will the user be able to modify what gets returned by the AJAX call? They cannot modify an rjs file on the server or anything like that. I suppose the AJAX call could return JSON (instead of rendered HTML) and then the JavaScript could use that to render something. But I'm having a little trouble envisioning how it would work exactly.

If anyone can point me to an example of this or clarify, it'd be much appreciated. Thanks!


Solution

Is allowing any user to make any AJAX call really what you want?
Don't forget you can't trust your users. Do you really want them to be able to request any page on your domain name?

I guess you want to be able to allow them to request some pages only, though. A defined list of URLs.

Then you can just create one filter per URL that'll return your content.
So if the user does in his template:

{{ get_users }}

Which will do, internally, an AJAX call retrieving the list of all your users.

You can think generic when you're working on things that only developers should be working on.
But when it's about allowing your users to change the code of your application, you should restrain them so they don't hack and break everything.
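
An added example, not part of the original answer: one way to implement the fixed-list idea as a Liquid filter module, where the template author supplies only a name that the server maps to an allowlisted endpoint. The filter name `ajax_widget`, the helper `render_widget`, the routes, and the polling limits are assumptions made for illustration.

```ruby
require "cgi"

# Server-defined allowlist: the template author picks a *name*, never a URL.
# Both routes are hypothetical placeholders for this example.
ALLOWED_ENDPOINTS = {
  "users"        => "/api/public/users.json",
  "recent_posts" => "/api/public/posts/recent.json"
}.freeze

MIN_POLL_SECONDS = 5     # floor so a template cannot hammer the server
MAX_POLL_SECONDS = 3600

module AjaxFilters
  # Usage in a template: {{ "users" | ajax_widget: 30 }}
  # Emits an inert placeholder; a fixed, site-owned script (not user-authored)
  # reads data-url, fetches the JSON and renders it.
  def ajax_widget(name, interval = 0)
    url = ALLOWED_ENDPOINTS[name.to_s]
    return "" unless url # unknown name: render nothing, never echo the input

    secs = interval.to_i
    secs = secs.clamp(MIN_POLL_SECONDS, MAX_POLL_SECONDS) if secs > 0
    secs = 0 if secs < 0 # 0 means "load once, no polling"

    %(<div class="ajax-widget" data-url="#{CGI.escapeHTML(url)}" ) +
      %(data-interval="#{secs}"></div>)
  end
end

# Register with Liquid when the gem is loaded; the module is plain Ruby otherwise.
Liquid::Template.register_filter(AjaxFilters) if defined?(Liquid::Template)

# Hypothetical helper to exercise the filter outside a template.
def render_widget(name, interval = 0)
  Object.new.extend(AjaxFilters).ajax_widget(name, interval)
end
```

Because the endpoint returns JSON and the rendering script is owned by the site, users control only which allowlisted widget appears and how often it refreshes, within the server's limits.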

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow