If you put the customizable HTML files under the /static folder, the users will
not be able to run any Python command.

Are you giving users access to the view files to edit, or just storing CSS
and some HTML in a DB to build the pages?


Bruno Rocha
[ About me: http://zerp.ly/rochacbruno ]



On Mon, Apr 25, 2011 at 3:07 PM, cx42net <[email protected]> wrote:

> Hi!
>
> On my way to learning Web2Py, I was wondering if the template
> engine provided by Web2Py allows executing some Python code.
>
> I plan to use it as a "wildcard website" for my users and they will
> have the possibility to change the template of their website.
> With that in mind, it's important for me to be sure there is no way
> one of my users can execute Python code in the template engine (for
> removing database data or executing some non-secure code).
>
> Thanks for your reply.
>
> If it's possible to inject Python code, is there a way to use the Django
> template engine in Web2Py, and if so, is there a tutorial online on
> how to do so? (I googled for it but couldn't find anything :/)
>
> Thanks!
