velocity-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chad La Joie <>
Subject Re: Validate templates before use
Date Mon, 06 Feb 2012 14:44:15 GMT
On Mon, Feb 6, 2012 at 09:41, sebb <> wrote:
> Just because it's parseable does not mean it's safe to use ...
> allowing an end-user to provide a template without manual checking
> sounds like a recipe for inviting exploits.

There's nothing I can do about that.  If the user wants to write a
template that exploits their own system, that's up to them.  I'm just
trying to provide what checking I can at startup time.

Chad La Joie
trusted identities, delivered

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message