Django
Rrooom, 2014-09-19 16:24:27

How secure are Django templates from unverified sources?

Cloud CMS number one hundred and fifty: I'm thinking about which template engine to provide to users. That is, they have a layout, and they just need to put in template tags for the elements and upload them, and the Django engine will pick them up and display them.
For a couple of days now I've been thinking: should I write my own, taking special care with security, or can I take the standard Django one? In principle, I can't figure out how to break the platform using only the standard tools of the template engine.
Am I right? And is it safe to use it?

2 answer(s)
yttrium, 2014-09-19
@yttrium

If the danger is expected from the template interpreter side, scan the template for {%, {{ and so on, and then everything should be fine.
If it is from the JavaScript side, then it is necessary to set up a separate domain for each template creator.

Alexander Simkin, 2014-09-25
@sima007

With syntax errors, you will need to come up with something (in the sense of how to show them to the template author, etc.). But the protection itself there is pretty good; the Python template engine does not allow it. Unless, of course, you write a templatetag that allows it.
If you want to be sure, open django.template.defaulttags, django.template.defaultfilters, and whatever else is available for {% load ... %}.
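
A pre-render check along the lines both answers suggest, as an added example that is not part of the original thread: it scans a submitted template for {% %} and {{ }} constructs and reports every tag or filter outside an allowlist. The function name, the allowlists and the sample template are assumptions made for illustration (the tag and filter names are Django built-ins), and the scanner is plain standard-library Python, not Django's own lexer.

```python
import re

# Split on the three delimiters Django templates use: {% %}, {{ }}, {# #}.
TOKEN_RE = re.compile(r"(\{%.*?%\}|\{\{.*?\}\}|\{#.*?#\})")
QUOTED_RE = re.compile(r'"[^"]*"|\'[^\']*\'')  # string literals (may contain "|")
FILTER_RE = re.compile(r"\|\s*(\w+)")          # "|name" inside a tag or variable

# Assumed site policy: anything not listed here is rejected, including
# {% load %}, so user templates cannot reach extra tag libraries.
ALLOWED_TAGS = {"if", "elif", "else", "endif", "for", "empty", "endfor",
                "with", "endwith", "comment", "endcomment"}
ALLOWED_FILTERS = {"default", "date", "length", "lower", "upper",
                   "truncatechars", "linebreaks", "escape"}

def check_template(source):
    """Return [(line_number, problem), ...] for constructs outside the allowlist."""
    problems = []
    for m in TOKEN_RE.finditer(source):
        token = m.group(0)
        line = source.count("\n", 0, m.start()) + 1
        if token.startswith("{#"):
            continue  # template comment, never rendered
        # Blank out string literals so a "|" inside an argument is not
        # mistaken for a filter separator.
        body = QUOTED_RE.sub('""', token[2:-2]).strip()
        if token.startswith("{%"):
            name = body.split()[0] if body else ""
            if name not in ALLOWED_TAGS:
                problems.append((line, "tag not allowed: %r" % name))
        # Filters can appear in variables and in tag arguments alike.
        for flt in FILTER_RE.findall(body):
            if flt not in ALLOWED_FILTERS:
                problems.append((line, "filter not allowed: %r" % flt))
    return problems

# Constructed sample of a user-submitted template.
SAMPLE = """<h1>{{ page.title|upper }}</h1>
{% load admin_urls %}
{% for item in items %}{{ item.name|default:"n/a|none" }}{% endfor %}
{% include "shared/footer.html" %}
{{ body|safe }}
"""

if __name__ == "__main__":
    for line, problem in check_template(SAMPLE):
        print("line %d: %s" % (line, problem))
```

The line numbers in the result can be shown to the template author next to any syntax errors. The check covers only the template-interpreter side; HTML and JavaScript written directly in the template pass through it unchanged.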
