
I was the last person in our company working with ERB to render templates, while all the rest had switched to HAML. At the beginning it was quite hard for me to read HAML compared to ERB. HAML looked to me like some completely alien thing with weird percent marks all over the place, and the significant whitespace never did it for me. On the other hand, ERB felt like a warm home after the years we spent together.

Until I did the switch.

Now I would compare HAML with the Mac. Once you've switched, you never go back. The HAML guys say that "HAML is based on one primary principle. Markup should be beautiful."; they even go as far as calling it markup haiku. Which is true. Together with "beautiful" you get less code that is more readable and secure.

Now, writing Rails views that are readable, maintainable and concise was never an easy job. If you let them get out of hand, you quickly find yourself with 400 lines of... not code, no... let's call it a mess. We have actually seen it happen to less careful colleagues, and cleaning up this mess was not a fun or easy thing to do.

HAML is here to help you with that.

You can obviously get to the same level of mess with HAML, but if you are on a task to avoid it, HAML is there to support you.

Simply put, if you write something that doesn't look beautiful, you know that you're doing something wrong and it is time to stop for a minute and think about refactoring.

  • long views with deep nesting - you can check 2 things here
    • whether you need to create some partials for duplicated parts
    • or you can check your HTML markup (a table layout will look really, really bad in HAML)
  • if your lines are too long - create helpers and get your Ruby code out of the views
  • inline JavaScript doesn't really look like it fits - check out unobtrusive JavaScript, which will bring along other nice-to-haves.

Another big bonus you get is that HTML escaping becomes opt-out, versus opt-in in ERB, after the following magic. Put this in config/environment.rb (after Rails::Initializer.run):

Haml::Template.options[:escape_html] = true

So you have to make an informed decision that you want a given piece of output unescaped, which hopefully will make your code more secure out of the box with next to no additional work on your hands. So long, nasty XSS.

This line should not set off your XSS alarm:

%h2= @product.title

This one shouldn't, but I'm sure you know it, because you went the extra step of putting "!" there:

#products
  != render(:partial => @products)

Generally, I can't find a good reason for leaving all your strings unescaped by default (wink-wink ERB).
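
A review check that follows from this, as an added example that is not from the original post: with :escape_html turned on, the "!=" opt-outs are easy to list for review, while in ERB every output tag without h has to be flagged instead. The sample views, the method names and the simplified patterns are assumptions made for illustration.

```ruby
# Added example: list the places where a view emits unescaped output.
# Assumes Haml::Template.options[:escape_html] = true, as configured above.

# Constructed sample views (not from the original post).
HAML_VIEW = <<~HAML
  %h2= @product.title
  #products
    != render(:partial => @products)
  - if @product.stock != 0
    %p.note!= @product.description_html
    %p= @product.summary
HAML

ERB_VIEW = <<~ERB
  <h2><%= @product.title %></h2>
  <p><%=h @product.summary %></p>
  <p><%= h(@product.note) %></p>
ERB

# HAML: look for the "!=" opt-out the post describes, either alone on the
# line or right after a tag/class/id spec. Lines starting with "-" are silent
# Ruby, so a "!=" comparison there is not output and must not be reported.
HAML_RAW = /\A\s*(?:[%.#][\w:.#-]*(?:\{[^}]*\})?)?!=\s*(.+)\z/

def haml_unescaped(src)
  src.each_line.with_index(1).map { |line, n|
    m = HAML_RAW.match(line.chomp)
    [n, m[1]] if m
  }.compact
end

# ERB (escaping is opt-in): flag every <%= ... %> that is not wrapped in h.
ERB_OUT = /<%=(.*?)%>/

def erb_unescaped(src)
  src.each_line.with_index(1).flat_map { |line, n|
    line.scan(ERB_OUT).map { |(code)| [n, code.strip] }
        .reject { |(_, code)| code =~ /\Ah[\s(]/ }
  }
end

if __FILE__ == $PROGRAM_NAME
  haml_unescaped(HAML_VIEW).each { |n, code| puts "haml:#{n}: #{code}" }
  erb_unescaped(ERB_VIEW).each  { |n, code| puts "erb:#{n}: #{code}" }
end
```

On the sample views this reports the two deliberate "!=" lines in the HAML view and the one forgotten h in the ERB view.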

Am I missing something?