Are Django templates safe enough to use templates provided by untrusted users? Is it possible to limit functionality? I am not only concerned with what the templates can access, but also things like being able to consume excessive resources with, for example, deeply nested loops.
If not Django templates then what? I ideally need simple conditionals and some way of looping. Mustache is close to what I need (it will probably do if I cannot find better) but AFAIK cannot iterate over a tree. I also just found StringTemplate (from stringtemplate.org, not the standard library!). Anyone tried either of these?
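A pre-render check for the two concerns raised in the question above (which tags a template can reach, and deeply nested loops), as an added example that is not part of the original post. The tag allowlist, the limits and all function names are assumptions chosen for illustration; the check reads template source text only and does not import Django.

```python
import re

# Policy values below are assumptions for illustration, not Django defaults.
ALLOWED_TAGS = {"if", "elif", "else", "endif", "for", "empty", "endfor"}
MAX_LOOP_DEPTH = 2
MAX_TEMPLATE_BYTES = 16 * 1024

# Matches a block tag such as {% for x in items %} and captures its name.
TAG_RE = re.compile(r"\{%\s*(\w*).*?%\}")


class TemplateRejected(ValueError):
    """Raised when untrusted template source violates the policy."""


def check_untrusted_template(source, max_depth=MAX_LOOP_DEPTH):
    """Return the deepest {% for %} nesting found, or raise TemplateRejected.

    Conservative: tags inside {# #} comments are inspected too.
    """
    if len(source.encode("utf-8")) > MAX_TEMPLATE_BYTES:
        raise TemplateRejected("template too large")
    depth = deepest = 0
    for match in TAG_RE.finditer(source):
        tag = match.group(1)
        if tag not in ALLOWED_TAGS:
            raise TemplateRejected(f"tag not allowed: {tag!r}")
        if tag == "for":
            depth += 1
            deepest = max(deepest, depth)
            if depth > max_depth:
                raise TemplateRejected(f"loops nested deeper than {max_depth}")
        elif tag == "endfor":
            depth -= 1
            if depth < 0:
                raise TemplateRejected("endfor without matching for")
    if depth != 0:
        raise TemplateRejected("unclosed for loop")
    return deepest


# Constructed sample templates.
TREE_TWO_LEVELS = (
    "{% for node in tree %}{{ node.name }}"
    "{% for child in node.children %}{{ child.name }}{% endfor %}"
    "{% endfor %}"
)
THREE_LEVELS = ("{% for a in x %}{% for b in a %}{% for c in b %}{{ c }}"
                "{% endfor %}{% endfor %}{% endfor %}")
USES_INCLUDE = "{% include 'settings.html' %}"
```

Loop depth only bounds rendering work if the caller also caps the size of the iterables placed in the render context, and filters inside `{{ }}` are not examined here.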