Damjan wrote:
> > If presentation logic capability is allowed in the template, a similar
> > DOS attack could probably be performed against the server quite easily
> > -- just use a few nested loops to render a huge string. 30 nested
> > loops on even a very small string should do the trick.
>
> This is test-able.
> A restricted template should not be able to recognise if it's being
> tested offline or it's in production.

A _static_ template certainly cannot recognize if it's being tested offline or in production, but as soon as you provide conditional and looping capability, testing non-trivial templates to see if they consume large amounts of memory or CPU under any foreseeable circumstances quickly becomes an intractable problem.
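
The point made in the reply above, as an added example that is not part of the original message or of TurboGears: a toy template tree (the node format and all function names are hypothetical) in which 30 nested loops pass an offline test with a one-item list, yet would need 2^30 iterations with a two-item list. Because the cost depends on the data, the defence shown is a step budget enforced at render time rather than testing.

```python
# Added illustration; toy template tree, not any real template engine's API.
class RenderBudgetExceeded(Exception):
    """Raised when a render spends more steps than it was allowed."""


def spend(budget, cost):
    """Charge `cost` steps against the shared budget; abort when it runs out."""
    budget[0] -= cost
    if budget[0] < 0:
        raise RenderBudgetExceeded("render budget exhausted")


def render(node, ctx, budget):
    """Render a node. `budget` is a one-element list of remaining steps;
    every loop iteration and every output character costs one step."""
    kind = node[0]
    if kind == "text":                      # ("text", "literal")
        spend(budget, len(node[1]))
        return node[1]
    if kind == "for":                       # ("for", "ctx_key", [body nodes])
        parts = []
        for _ in ctx[node[1]]:
            spend(budget, 1)                # empty-bodied loops still cost CPU
            parts.extend(render(child, ctx, budget) for child in node[2])
        return "".join(parts)
    raise ValueError("unknown node kind: %r" % (kind,))


def nested_loops(depth, key):
    """Constructed sample: `depth` loops over ctx[key] wrapped around one 'x'."""
    node = ("text", "x")
    for _ in range(depth):
        node = ("for", key, [node])
    return node


def safe_render(template, ctx, limit=10_000):
    """Return the rendered string, or None if the budget was exceeded."""
    try:
        return render(template, ctx, [limit])
    except RenderBudgetExceeded:
        return None


if __name__ == "__main__":
    tpl = nested_loops(30, "items")
    print(safe_render(tpl, {"items": ["a"]}))        # offline fixture: one item
    print(safe_render(tpl, {"items": ["a", "b"]}))   # production-like: two items
```

The same template object is cheap or unbounded depending only on `ctx`, which is why the limit is checked while rendering instead of being inferred from a test run.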

