On 17/11/11 18:36, Carl Meyer wrote:

> I do, however, think that the tight coupling we currently have between
> INSTALLED_APPS and "what templatetag libraries are available for
> load", while a reasonable default for an integrated framework, is an
> unfortunate restriction on use of the template system, which I hope
> can be lifted by #17093.

Agreed.

> And I also don't agree that efforts to use the template language in a
> "sandboxed" way are doomed to failure: if you can instantiate a
> template instance with an explicitly-limited set of templatetag
> libraries (which #17093 would allow), and you can control exactly what
> data is put into the template context, I think you _can_ make
> templates safe for untrusted use. Obviously it requires care.

It's pretty easy to produce a DoS attack using only builtin template tags
and filters, and a completely empty context, e.g.:

  {% for a in "xxxxxxxxxxxxxxx"|make_list %}
    {% for a in "xxxxxxxxxxxxxxx"|make_list %}
      {# etc #}
    {% endfor %}
  {% endfor %}

I'm sure there must be other ways to do this, and there may well be
different other types of flaws. I guess it depends on what you mean by
'safe', but we certainly haven't built the template system with this in
mind.

Luke

-- 
The probability of someone watching you is proportional to the
stupidity of your action.

Luke Plant || http://lukeplant.me.uk/
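As an added illustration (not part of the original thread or of Django), a pre-render check for the nested-loop problem Luke describes: it walks the `{% for %}`/`{% endfor %}` tags of an untrusted template, bounds the iteration count of loops over `"literal"|make_list` statically, and rejects templates whose nesting depth or worst-case iteration total exceeds a budget. Loops over context variables cannot be sized statically and are counted as `unknown_iterable_size`; the function names, thresholds and sample templates are assumptions of this example.

```python
import re

# {% for ... %} and {% endfor %} tags in Django template syntax.
TAG_RE = re.compile(r"{%\s*(for\b[^%]*?|endfor)\s*%}")
# A loop source written as "literal"|make_list, whose length is known statically.
MAKE_LIST_RE = re.compile(r'^for\s+\S.*?\s+in\s+"([^"]*)"\|make_list(?:\s+reversed)?$')

def nested_loop_cost(template, unknown_iterable_size=1):
    """Return (max_nesting_depth, worst_case_iterations) of the template's loops.

    "literal"|make_list iterates len(literal) times. Any other iterable comes
    from the context, whose size a static check cannot know, so it is counted
    as unknown_iterable_size (an assumption of this example, not Django's).
    """
    stack, max_depth, total = [], 0, 0   # stack: counts of the currently open loops
    for m in TAG_RE.finditer(template):
        tag = m.group(1).strip()
        if tag == "endfor":
            if not stack:
                raise ValueError("endfor without a matching for")
            stack.pop()
            continue
        lit = MAKE_LIST_RE.match(tag)
        count = len(lit.group(1)) if lit else unknown_iterable_size
        enclosing = 1                     # the body runs count * product(enclosing) times
        for c in stack:
            enclosing *= c
        total += enclosing * count
        stack.append(count)
        max_depth = max(max_depth, len(stack))
    if stack:
        raise ValueError("unterminated for loop")
    return max_depth, total

def is_within_budget(template, max_depth=3, max_iterations=10_000):
    """Accept an untrusted template only if its static loop cost fits the budget."""
    depth, iterations = nested_loop_cost(template)
    return depth <= max_depth and iterations <= max_iterations

# Constructed samples: the two nested make_list loops from the message, and a
# six-deep variant of the same pattern that the budget rejects.
TWO_NESTED = ('{% for a in "xxxxxxxxxxxxxxx"|make_list %}'
              '{% for a in "xxxxxxxxxxxxxxx"|make_list %}{# etc #}'
              '{% endfor %}{% endfor %}')
SIX_NESTED = '{% for a in "xxxxxxxxxxxxxxx"|make_list %}' * 6 + '{% endfor %}' * 6

if __name__ == "__main__":
    print(nested_loop_cost(TWO_NESTED), is_within_budget(TWO_NESTED))   # (2, 240) True
    print(nested_loop_cost(SIX_NESTED), is_within_budget(SIX_NESTED))   # (6, 12204240) False
```

The check is only a first gate: it bounds literal-driven loops but not loops over context data, so a render-time CPU or wall-clock limit is still needed for templates that iterate over variables.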