in reply to Security Breach through Template::Toolkit

Yeah well, I'm starting to see that Template::Toolkit might be just a little too powerful. Let alone the STDOUT filter could bloat the output of my app. Users can create complex data structures and print them repeatedly, so I see ways of loading the server with lots of work.

Maybe HTML::Template would be better. But the comfort is far from that which TT provides.

use strict; use warnings; print "Just Another Perl Hacker\n";
  • Comment on Re: Security Breach through Template::Toolkit

Replies are listed 'Best First'.
Re^2: Security Breach through Template::Toolkit
by moritz (Cardinal) on Nov 11, 2008 at 15:50 UTC
    Maybe HTML::Template::Compiled might be a compromise? It offers a few features that HTML::Template doesn't have (it's maintained, it offers caching, a less verbose tag style, loops over hashes, sane handling of character encodings etc) without providing TT's full power.