We have internal code @google that executes templates that aren't fully trusted. Currently we use Java introspection on the Template object (using internal class names 😕) to verify such templates do not use constructs we deem "unsafe", such as disabling auto-escaping via "?noEsc" or <#noautoesc>, as well as the "?eval" and "?interpret" built-ins.
We are considering upstreaming these capabilities; some combination of:

- Provide a formal API for walking the template AST (rather than the existing test-only ASTParser)
- Create a Configuration setting for "forced escaping" - which will disable "?noEsc" and <#noautoesc> for the affected template at parse time
- Adding Configuration settings for "disable Interpret" and "disable Eval" (likely a bit flag so it's potentially extensible easily)

Will such work be welcome by the project?