My plan is the following…
First some concepts…
Pandora is a wiki engine that allows the creation of a collection of
web pages that I call ‘books’, and different access levels to different
users. A Publisher is allowed to create new books, an Author is allowed
to create new pages in an existing book, and an Editor is allowed to
edit / modify existing pages of a book. A viewer may be authenticated
or not, and may be able to see some of the contents that have not been
marked private by the publisher or authors of the book. You can see
how this works and play with the system by downloading the current beta
version at:
http://pandora.rubyveil.com/pandora/Pandora/Project/Downloads
A page in a Pandora book contains plain text with Textile or Silk Veil
markups. Silk Veil is an extension of RedCloth that adds markups that
allow references to resources within a Pandora book in addition to
other things.
A page in a Pandora book can be marked ‘scriptable’ by its publisher or
authors, which means that it can contain Ruby code enclosed in ‘<%’
and ‘%>’ that can call Pandora’s Box document-oriented API and other
standard Ruby API. This will let the authors manipulate the
enclosing document easily, such as inserting Javascript code that can
call Prototype library through a Ruby wrapper, for example, to add AJAX
behaviors to the page, and other things like collecting form data,
processing the input from the page viewer, and entering it into a backend
database, for another example.
When processing scriptable pages, Pandora will take one extra step
after interpreting the Textile and Silk Veil markups to run the
resulting text through ERB in the context of a restricted sandbox to
produce the final page, either in the same Ruby process as Pandora, or
in a separate, forked child.
The result is a system that will allow its users to write
‘document-oriented’ applications in Ruby using no more than a browser
and without needing shell access to the server where the code will be
executed. Because this will give document authors and editors
tremendous power, I have to be careful in executing the embedded Ruby
code not to pose a security risk, which is rather hard to do…
But, if I’m able to do this correctly, we will have a cool way to do
dynamic page programming on the “client side” without resorting to
browser-specific dialects of Javascript. I am very optimistic about
this possibility, but as I’ve said earlier, the challenge is in the
design of the API and the implementation of the sandbox to avoid
creating a security hole.
So that’s the plan. The Pandora wiki / document publishing platform is
relatively complete, as you can see on the web site. Comments and
suggestions on how to implement the rest are absolutely welcome, as
well as participation if you have some extra cycles to help code parts
of the system…
Best regards,
Julian I. Kamil
http://pandora.rubyveil.com/ - Document publishing and web application
framework
http://books.rubyveil.com/ - The Ruby Bookshelf
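
The forked-child option described in the post, sketched as an added example that is not part of the original message or of Pandora's code: the page's ERB runs in a child process with a CPU limit and a wall-clock timeout, and the result comes back over a pipe. `PageContext`, `render_in_child`, `MAX_OUTPUT` and the limits are hypothetical names and values chosen for illustration.

```ruby
require "erb"
require "timeout"

# Hypothetical stand-in for the document API a scriptable page can call.
class PageContext
  attr_reader :title

  def initialize(title)
    @title = title
  end

  def page_binding
    binding
  end
end

MAX_OUTPUT = 64 * 1024 # assumed cap on rendered output, in bytes

# Render ERB source in a forked child and return [status, text].
def render_in_child(source, ctx, wall_seconds: 2)
  reader, writer = IO.pipe
  pid = fork do
    reader.close
    Process.setrlimit(Process::RLIMIT_CPU, 1) # runaway loops die after 1 CPU second
    begin
      out = ERB.new(source).result(ctx.page_binding)
      writer.write("ok\n" + out.byteslice(0, MAX_OUTPUT))
    rescue Exception => e # includes SystemExit, so `exit` in a page is reported
      writer.write("error\n#{e.class}")
    end
    writer.close
    exit!(0) # skip the parent's at_exit handlers
  end
  writer.close
  body = Timeout.timeout(wall_seconds) { reader.read }
  Process.wait(pid)
  status, text = body.split("\n", 2)
  status ? [status.to_sym, text.to_s] : [:killed, ""]
rescue Timeout::Error
  Process.kill("KILL", pid)
  Process.wait(pid)
  [:timeout, ""]
ensure
  reader&.close
end

p render_in_child("Title: <%= title %>", PageContext.new("Home"))
```

The fork and limits keep a crashing, exiting or looping page from taking down the server process, but the child still runs with the server user's file and network access. Confining what the embedded code can reach is a separate job for the restricted sandbox.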