I'm looking for a templating engine that can take a set of data I give it, put it into an HTML template, and then I'll either return that to a web browser or send that out as an e-mail. The catch is I want my users to be able to edit the template itself.
My concern is, if they are editing the template, is there any way they can create a malicious template that will execute malicious code on the server, such as calling various services on the server to get unauthorized info or grant themselves additional access? If you can execute arbitrary Java methods from a template, I can't use it. Any input I'd appreciate! (Sorry if you get this twice; the first time I sent it, I wasn't subscribed yet.)
