PerlMonks

Security Breach through Template::Toolkit

by Sixtease (Friar) on Nov 11, 2008 at 08:31 UTC ( [id://722806]=perlquestion )

Sixtease has asked for the wisdom of the Perl Monks concerning the following question:

Fellow Monks,

I'd like to let the users of my web app customize their pages. Perlmonks does something similar by letting me write my own CSS. I'd like to go one step further and let them write their own template with Template::Toolkit. I know though that Template can be configured to enable processing of Perl code within the templates, which would of course be an open gate for bad guys. Can Template::Toolkit be configured to only allow "safe" things done in the templates? Do you think this whole idea is reasonably realizable?

use strict; use warnings; print "Just Another Perl Hacker\n";
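
An added example, not part of the original post: one way to render user-supplied templates with Template::Toolkit while keeping Perl evaluation and path escapes switched off. The include directory, the two sample templates and the stash data are constructed assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Template;

# Constructed sample input standing in for templates typed by users.
my %user_templates = (
    benign => "Hello [% user.name | html %], you have [% user.posts %] posts.\n",
    perl   => "[% PERL %] print 'ran Perl'; [% END %]\n",
);

# Hypothetical directory that holds only vetted include files.
my $include_dir = '/srv/app/user_includes';

my $tt = Template->new({
    EVAL_PERL    => 0,             # PERL and RAWPERL blocks raise an exception
    ABSOLUTE     => 0,             # no INCLUDE/INSERT/PROCESS of absolute paths
    RELATIVE     => 0,             # no ./ or ../ paths either
    INCLUDE_PATH => $include_dir,  # the only place file-based templates load from
}) or die Template->error;

# Pass plain data only. Templates can call methods on any object placed
# in the stash, so a database handle or request object here would hand
# its whole interface to the template author.
my %vars = ( user => { name => '<Sixtease>', posts => 3 } );

# Note: EVAL_PERL does not restrict the USE directive. Plugins that are
# loadable in this process need a separate review.

# Render one user template from a string; returns (output, error).
sub render_user_template {
    my ($source) = @_;
    my $out = '';
    $tt->process(\$source, \%vars, \$out)
        or return (undef, '' . $tt->error);
    return ($out, undef);
}

for my $name (sort keys %user_templates) {
    my ($out, $err) = render_user_template($user_templates{$name});
    if (defined $err) {
        print "$name: rejected ($err)\n";
    }
    else {
        print "$name: $out";
    }
}
```

The three flags shown are already off by default in Template::Toolkit; setting them explicitly keeps a later configuration change from enabling them unnoticed.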