Can you please elaborate how? -----Original Message----- From: Alexander Krasnukhin [mailto:[email protected]] Sent: Tuesday, March 30, 2010 4:02 PM To: Velocity Users List Subject: Re: Should I use velocity?
Yes. User could execute arbitrary java methods from a template. On 31 March 2010 03:59, Treague, Keith <[email protected]>wrote: > I'm looking for a templating engine that can take a set of data I give it, > put it into an html template, and then I'll either return that to a web > browser or send that out as an e-mail. The catch is I want my users to be > able to edit the template itself. > > My concern is if they are editing the template, is there any way they can > create a malicious template that will execute malicious code on the server > such as calling various services on the server to get unauthorized info or > grant themselves additional access? If you can execute arbitrary java > methods from a template I can't use it. Any input I'd appreciate! > > (sorry if you get this twice, the first time I sent it I wasn't subscribed > yet) > -- Regards, Alexander --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
