On Nov 20, 2008, at 4:37 AM, Chris wrote: > Hi, > I'm working on a pylons app and I'm trying to provide a feature that > allows users to create their own templates and have them rendered when > they go to their own subdomain. For example, arnold.example.com would > render using a template that Arnold created and stallone.example.com > would render using Stallone's custom templates. A good example is > Shopify.com, they provide the exact feature i'm trying to describe. > You can see what I mean at their wiki: > http://wiki.shopify.com/The_Shopify_Theme_Guide
Such a scenario was one of the initial design drivers for Evoque, that has supported sandboxing from the start. See this page on using Evoque in restricted mode: http://evoque.gizmojo.org/usage/restricted/ And this for an Evoque + Pylons howto: http://wiki.pylonshq.com/display/pylonscookbook/Templating > So far all of my templates are in Mako, which I like. However, I > don't think user created Mako templates would be safe (correct me if > I'm wrong here) since they give the user so much power. So after > poking around on the zzzeek blog I ran stumbled onto a post about > Jinja and noticed they had a sandbox environment. This sounds > promising, but was looking for opinions from more experienced > developers especially with security and template knowledge. With > proper configuration, can I be reasonably confident that no sand will > escape the box? > > I would be exposing certain objects and collection of objects for the > user templates to operate on, but I don't want users capable of doing > things like > for user in users: > user.delete() > > Basically, they should not be able to change the state of anything I > send to the template, right? This is enforced categorically in Evoque templates, as there is no support any variable manipulations -- apart from loop variables that are of course modified automatically behind the scenes. It would still be possible to allow users to set/modify variables directly if you wanted to, but that would require explicit extension of the template's execution context that is only possible from within the python application... > (my other alternative is to only allow customing theming with CSS only > and leave the HTML generation up to me, but that seems less flexible) > Thanks. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en -~----------~----~----~----~------~----~------~--~---
