Can a python view template be made to be 'safe/secure' if I make it user editable?

Say I need to have a templating system where a user can edit it online using an online editor.

So they can put if tags, looping tags etc., but ONLY for specific objects that I want to inject into the template.

Can this be made to be safe from security issues?

i.e., them somehow outputting SQL connection string information or scripting things outside of the allowable tags and injected objects.

Blankman asked Jun 13 '10 22:06


1 Answer

Yes, use a template engine that has sandboxing features, like jinja2.

nosklo answered Oct 24 '22 06:10
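As an added illustration of the answer (example code, not from the answerer): a user-edited template rendered through Jinja2's `SandboxedEnvironment` with `StrictUndefined`, so that `if`/`for` over the explicitly injected objects works, while a reference to a name that was never injected (here a constructed `DB_CONNECTION_STRING` held by the rendering process) and an attempt to walk object internals both fail instead of leaking anything. The `Order` class, `render_user_template` helper and all sample data are hypothetical.

```python
"""Rendering a user-editable template inside Jinja2's sandbox (added example)."""
from jinja2 import StrictUndefined
from jinja2.exceptions import SecurityError, TemplateSyntaxError, UndefinedError
from jinja2.sandbox import SandboxedEnvironment

# Constructed secret living in the rendering process. It is never placed in the
# template context, so a sandboxed template has no name through which to reach it.
DB_CONNECTION_STRING = "postgresql://app:s3cret@db.internal/shop"  # constructed, not real


class Order:
    """Hypothetical object we deliberately expose to template authors."""

    def __init__(self, order_id, customer, total):
        self.order_id = order_id
        self.customer = customer
        self.total = total


def render_user_template(source, **objects):
    """Render an untrusted template with only the explicitly injected objects.

    Returns (ok, output_or_error). The sandbox refuses attribute access that
    starts with an underscore (e.g. __class__) and calls to known-unsafe
    callables; StrictUndefined turns any reference to a name that was not
    injected into an error instead of silently rendering an empty string.
    """
    env = SandboxedEnvironment(autoescape=True, undefined=StrictUndefined)
    try:
        return True, env.from_string(source).render(**objects)
    except SecurityError as exc:
        return False, f"blocked by sandbox: {exc}"
    except UndefinedError as exc:
        return False, f"unknown name: {exc}"
    except TemplateSyntaxError as exc:
        return False, f"syntax error on line {exc.lineno}: {exc.message}"


SAMPLE_ORDERS = [Order(1, "alice", 20), Order(2, "<b>bob</b>", 35)]  # constructed data

if __name__ == "__main__":
    # 1. Legitimate if/for over the injected objects; data is HTML-escaped on output.
    print(render_user_template(
        "{% for o in orders %}{% if o.total > 30 %}{{ o.order_id }}:{{ o.customer }} {% endif %}{% endfor %}",
        orders=SAMPLE_ORDERS))
    # 2. Reaching for a name that was not injected fails loudly.
    print(render_user_template("{{ DB_CONNECTION_STRING }}", orders=SAMPLE_ORDERS))
    # 3. Walking object internals is refused by the sandbox.
    print(render_user_template("{{ orders[0].__class__ }}", orders=SAMPLE_ORDERS))
```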