Re: 'Sandboxed' Template engine/context
Hi Michael, I'm looking for a similar option to allow users to upload
their own templates for theming purposes.
Did you find any solution to this?
Thanks,
Mitesh
On Friday, July 10, 2020 at 2:52:36 PM UTC+5:30 michael.t...@gmail.com
wrote:
> Hi all,
>
> Does anyone know of a straightforward way to create an independent
> template engine instance with a subset of the tags/filters/etc. defined?
>
> The use-case is for allowing user-supplied template content, while
> preventing said users from being able to use features that could be
> dangerous, leak information, etc.. (Eg. {% extends %}, {% load %},
> {{my-secret-variable-that-is-loaded-into-global-context}})
>
> Kind Regards,
> Michael
>
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-users/0cfda0d4-36f0-4888-b40a-a27d889440b6n%40googlegroups.com.
Re: 'Sandboxed' Template engine/context
Hi Michael,
Plz look at https://pypi.org/project/django-template-engines/
And see in Django doc for your use case
as very detail with builtin jinja2 engine and must config backend
enviroment to use
https://docs.djangoproject.com/en/3.0/topics/templates/#django.template.backends.jinja2.Jinja2
Hope these useful.
On Sat, Jul 11, 2020, 12:25 PM Michael Thomas
wrote:
> Hi,
>
> I'm aware that other template engines could be used, but it would be much
> more preferable to stick with Django's template engine for a variety of
> reasons (eg. using the same tags in the 'sandboxed' environment vs.
> regular).
>
> On Friday, 10 July 2020 14:41:30 UTC+4, Integr@te System wrote:
>>
>> Hi Michael,
>>
>> Some templates as mako, jinja, genshi...
>>
>>
>>
>>
>> On Fri, Jul 10, 2020, 4:23 PM Michael Thomas
>> wrote:
>>
>>> Hi all,
>>>
>>> Does anyone know of a straightforward way to create an independent
>>> template engine instance with a subset of the tags/filters/etc. defined?
>>>
>>> The use-case is for allowing user-supplied template content, while
>>> preventing said users from being able to use features that could be
>>> dangerous, leak information, etc.. (Eg. {% extends %}, {% load %},
>>> {{my-secret-variable-that-is-loaded-into-global-context}})
>>>
>>> Kind Regards,
>>> Michael
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Django users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to django...@googlegroups.com.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/django-users/e8456f7f-e52f-4bf4-95c6-419d84600687o%40googlegroups.com
>>>
>>> .
>>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-users/e50f24b3-1e6e-4260-b720-5af5912ae511o%40googlegroups.com
>
> .
>
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-users/CAP5HUWoh8%3DYGiO5fFhM23aKg8r%2BsqytUpSZEhV9ctvQogzqOww%40mail.gmail.com.
Re: 'Sandboxed' Template engine/context
Hi,
I'm aware that other template engines could be used, but it would be much
more preferable to stick with Django's template engine for a variety of
reasons (eg. using the same tags in the 'sandboxed' environment vs.
regular).
On Friday, 10 July 2020 14:41:30 UTC+4, Integr@te System wrote:
>
> Hi Michael,
>
> Some templates as mako, jinja, genshi...
>
>
>
>
> On Fri, Jul 10, 2020, 4:23 PM Michael Thomas > wrote:
>
>> Hi all,
>>
>> Does anyone know of a straightforward way to create an independent
>> template engine instance with a subset of the tags/filters/etc. defined?
>>
>> The use-case is for allowing user-supplied template content, while
>> preventing said users from being able to use features that could be
>> dangerous, leak information, etc.. (Eg. {% extends %}, {% load %},
>> {{my-secret-variable-that-is-loaded-into-global-context}})
>>
>> Kind Regards,
>> Michael
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Django users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to django...@googlegroups.com .
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/django-users/e8456f7f-e52f-4bf4-95c6-419d84600687o%40googlegroups.com
>>
>>
>> .
>>
>
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-users/e50f24b3-1e6e-4260-b720-5af5912ae511o%40googlegroups.com.
Re: 'Sandboxed' Template engine/context
Hi Michael,
Some templates as mako, jinja, genshi...
On Fri, Jul 10, 2020, 4:23 PM Michael Thomas
wrote:
> Hi all,
>
> Does anyone know of a straightforward way to create an independent
> template engine instance with a subset of the tags/filters/etc. defined?
>
> The use-case is for allowing user-supplied template content, while
> preventing said users from being able to use features that could be
> dangerous, leak information, etc.. (Eg. {% extends %}, {% load %},
> {{my-secret-variable-that-is-loaded-into-global-context}})
>
> Kind Regards,
> Michael
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-users/e8456f7f-e52f-4bf4-95c6-419d84600687o%40googlegroups.com
>
> .
>
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-users/CAP5HUWopfguN5%3D4K9H6z4LKXL_GSS2iDna8LYc_rkLchQgCjDQ%40mail.gmail.com.
'Sandboxed' Template engine/context
Hi all,
Does anyone know of a straightforward way to create an independent template
engine instance with a subset of the tags/filters/etc. defined?
The use-case is for allowing user-supplied template content, while
preventing said users from being able to use features that could be
dangerous, leak information, etc.. (Eg. {% extends %}, {% load %},
{{my-secret-variable-that-is-loaded-into-global-context}})
Kind Regards,
Michael
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-users/e8456f7f-e52f-4bf4-95c6-419d84600687o%40googlegroups.com.
