Generated by GPT-5-mini

| ERB (template system) | |
|---|---|
| Name | ERB (template system) |
| Title | ERB (template system) |
| Author | Yukihiro Matsumoto |
| Developer | Ruby core contributors |
| Released | 2003 |
| Programming language | Ruby |
| Operating system | Cross-platform |
| License | BSD-style |
ERB is a templating tool that embeds Ruby code within text documents to produce dynamic content. It is commonly bundled with the Ruby standard library, used in web frameworks such as Ruby on Rails and in command-line tooling maintained by organizations like GitHub and projects within the Apache Software Foundation. ERB enables generation of HTML, XML, configuration files, and other text formats by combining static markup with evaluated Ruby expressions in server-side and build-time contexts.
ERB operates by parsing a template containing static text and embedded Ruby code delimited by special tags, invoking the RubyGems runtime and standard library facilities to evaluate code within a binding scope. It is integrated into frameworks including Ruby on Rails, Sinatra, and Hanami, and into deployment tools used by Chef and Puppet, enabling template-driven rendering for controllers, views, and infrastructure templates. ERB templates are often stored with extensions such as .erb and processed by template handlers in systems like ActionView and build pipelines in Rake tasks.
ERB was introduced as part of the Ruby ecosystem and evolved alongside contributions by core developers and maintainers participating in repositories hosted on GitHub and discussions at conferences like RubyKaigi and RailsConf. Its development intersected with milestones in Ruby on Rails history, including integration into view rendering and adoption by projects led by figures such as David Heinemeier Hansson and organizations like Basecamp. ERB's design reflects influences from template systems inside languages like PHP, ASP.NET, and Django, while its maintenance has involved compatibility work for interpreter implementations such as CRuby, JRuby, and TruffleRuby.
ERB uses delimiter tags such as `<% %>` for Ruby statements and `<%= %>` for expressions whose results are inserted into the output. It supports trim modes and safe levels, enabling control over whitespace and output escaping when used alongside libraries like ERB::Util and in conjunction with HTML sanitizers maintained by projects such as Loofah and Sanitize. Features include partial rendering via helpers provided in ActionView, layouts influenced by patterns from Mustache and Liquid, and instrumentation hooks compatible with monitoring tools from New Relic and Datadog. ERB's minimal syntax contrasts with more opinionated systems such as Twig, Smarty, and Jinja.
In web applications, ERB is commonly used to render views, mailers, and asset templates in ecosystems around Ruby on Rails, Sinatra, and Hanami. It integrates with asset pipelines managed by Webpack wrappers, deployment workflows orchestrated by Capistrano, and continuous integration platforms like Travis CI, CircleCI, and GitHub Actions. ERB also appears in configuration management templates consumed by Chef and Puppet, and in container images built via Docker. Tooling for editors and IDEs such as Visual Studio Code, Sublime Text, and RubyMine provides syntax highlighting and snippets for ERB.
Because ERB evaluates Ruby code, templates executed with elevated privileges can lead to code injection vulnerabilities and privilege escalation if untrusted input is evaluated. Best practices advocated by security communities and guidelines from organizations such as OWASP recommend avoiding evaluation of untrusted templates, employing strict input sanitization with libraries like Loofah and Sanitize, and using alternative sandboxing approaches supplied by interpreters such as JRuby with SecurityManager patterns. Web frameworks like Ruby on Rails offer automatic HTML escaping and CSP integration options promoted by entities including Mozilla and Google for mitigating cross-site scripting risks.
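The difference between evaluating untrusted input as template source and passing it to a fixed template as escaped data is shown below. This is an added example, not code from the ERB project; the method names, the constant names, and the sample input are constructed for illustration.

```ruby
require 'erb'

# Constructed sample input: a user-supplied display name that contains
# an ERB expression tag and HTML markup.
UNTRUSTED_NAME = '<%= 7 * 7 %><script>alert(1)</script>'

# Vulnerable pattern: the input is concatenated into the template source,
# so ERB compiles its tags into Ruby and evaluates them, and the markup
# reaches the output unescaped.
def render_vulnerable(name)
  ERB.new("<p>Hello, #{name}</p>").result(binding)
end

# Hardened pattern: the template source is a fixed constant written by the
# developer. Untrusted input is only ever data: it is exposed as a single
# local variable and HTML-escaped at the point of output.
SAFE_TEMPLATE = ERB.new('<p>Hello, <%= ERB::Util.html_escape(name) %></p>')

def render_hardened(name)
  # result_with_hash builds a fresh binding containing only these locals,
  # so the template cannot see the caller's variables.
  SAFE_TEMPLATE.result_with_hash(name: name)
end

if $PROGRAM_NAME == __FILE__
  puts render_vulnerable(UNTRUSTED_NAME) # the expression was executed
  puts render_hardened(UNTRUSTED_NAME)   # the expression is inert text
end
```

In the vulnerable rendering the arithmetic inside the tag is executed, which is the same path any other Ruby expression in the input would take; in the hardened rendering the tag and the markup both appear as escaped text.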
ERB templates are parsed into Ruby code which can be compiled and cached to reduce overhead; implementations may produce a method body or a string that is evaluated via Kernel#eval. Performance considerations include template compilation cost, interpreter startup time in environments using CGI or Phusion Passenger, and concurrency behavior under Puma or Unicorn. Alternative Ruby interpreters such as JRuby and TruffleRuby affect JIT and garbage collection characteristics relevant to ERB throughput. Profiling with tools from New Relic, Datadog, and benchmarks published by communities including TechEmpower help tune caching, partial caching, and streaming rendering strategies.
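The compile-once approach can be seen with the standard library's `ERB#src` and `ERB#def_method`. This is an added example, not code from the ERB project or from Rails; the `ItemListView` class, the template text, and the helper names are constructed for illustration.

```ruby
require 'erb'

# Constructed template: a fixed, developer-authored list view.
# trim_mode '-' drops the newline after any tag closed with -%>.
TEMPLATE_SOURCE = <<~TPL
  <ul>
  <% items.each do |item| -%>
    <li><%= ERB::Util.html_escape(item) %></li>
  <% end -%>
  </ul>
TPL

COMPILED = ERB.new(TEMPLATE_SOURCE, trim_mode: '-')

# ERB#src returns the Ruby program the template was translated into.
# This string is what result() evaluates, which is why template source
# has to be treated as code and reviewed like code.
def compiled_source
  COMPILED.src
end

# Compile the template into an ordinary method once, at load time.
# Later renders call the method directly instead of re-parsing the
# template and evaluating a string on every request.
class ItemListView
  COMPILED.def_method(self, 'render(items)', 'item_list.erb')
end

def render_items(items)
  ItemListView.new.render(items)
end

if $PROGRAM_NAME == __FILE__
  puts compiled_source
  puts render_items(['a', '<b>'])
end
```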
Comparable or related systems include Liquid, Haml, Slim, Mustache, Jinja, Twig, and server-side engines like ERB::Engine alternatives hosted on GitHub. Choices between ERB and these systems hinge on factors championed by projects such as Ruby on Rails, Shopify, and GitHub—trade-offs in expressiveness, safety, and performance—while organizations like Mozilla and Google influence best practices for secure template rendering.