Sixtease has asked for the wisdom of the Perl Monks concerning the following question:
Fellow Monks,
I'd like to let the users of my web app customize their pages. Perlmonks does something similar by letting me write my own CSS. I'd like to go one step further and let them write their own template with Template::Toolkit.
I know though that Template can be configured to enable processing of Perl code within the templates, which would of course be an open gate for bad guys.
Can Template::Toolkit be configured to only allow "safe" things done in the templates? Do you think this whole idea is reasonably realizable?
use strict; use warnings; print "Just Another Perl Hacker\n";
|
---|
Replies are listed 'Best First'. | |
---|---|
Re: Security Breach through Template::Toolkit
by stonecolddevin (Parson) on Nov 11, 2008 at 08:35 UTC | |
Re: Security Breach through Template::Toolkit
by moritz (Cardinal) on Nov 11, 2008 at 08:41 UTC | |
by dragonchild (Archbishop) on Nov 11, 2008 at 18:22 UTC | |
Re: Security Breach through Template::Toolkit
by Sixtease (Friar) on Nov 11, 2008 at 10:08 UTC | |
by moritz (Cardinal) on Nov 11, 2008 at 15:50 UTC |
Back to
Seekers of Perl Wisdom