velocity-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chad La Joie <laj...@itumi.biz>
Subject Re: Validate templates before use
Date Mon, 06 Feb 2012 14:44:15 GMT
On Mon, Feb 6, 2012 at 09:41, sebb <sebbaz@gmail.com> wrote:
> Just because it's parseable does not mean it's safe to use ...
> allowing an end-user to provide a template without manual checking
> sounds like a recipe for inviting exploits.

There's nothing I can do about that.  If the user wants to write a
template that exploits their own system, that's up to them.  I'm just
trying to provide what checking I can at startup time.


-- 
Chad La Joie
www.itumi.biz
trusted identities, delivered

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@velocity.apache.org
For additional commands, e-mail: user-help@velocity.apache.org


Mime
View raw message