Say I need to have a templating system where a user can edit it online using an online editor.
So they can put if tags, looping tags etc., but ONLY for specific objects that I want to inject into the template.
Can this be made to be safe from security issues?
i.e. them somehow outputing sql connection string information or scripting things outside of the allowable tags and injected objects.
Yes, use a template engine that has sandboxing features, like jinja2
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With