http://wiki.apache.org/velocity/BuildingSecureWebApplications

On Tue, Mar 30, 2010 at 1:59 PM, Treague, Keith
<[email protected]> wrote:
> I'm looking for a templating engine that can take a set of data I give it, 
> put it into an HTML template, and then I'll either return that to a web
> browser or send that out as an e-mail. The catch is I want my users to be 
> able to edit the template itself.
>
> My concern is if they are editing the template, is there any way they can 
> create a malicious template that will execute malicious code on the server 
> such as calling various services on the server to get unauthorized info or 
> grant themselves additional access? If you can execute arbitrary Java methods
> from a template I can't use it. Any input I'd appreciate!
>
> (sorry if you get this twice, the first time I sent it I wasn't subscribed 
> yet)
>
