Java Mailing List Archive

http://www.junlu.com/

Home » FreeMarker-user »

[FreeMarker-user] safe end user editable template,
 can freemarker be used for this?

S Ahmed

2011-11-15

Replies: Find Java Web Hosting

Author LoginPost Reply
Say I have a template that I want end users to be able to edit, and thus this has to be safe from them being able to output the database connection string or other unsafe operations.

Can freemarker be used?

Can I have it such that freemarker will ONLY parse specific objects?  

Say I have a page that displays products, so I load a List<Products> variable and send that to my view page.

The end user can only use this @products variable, and is prevented from doing anything else that could be a security issue.

Possible?

Ruby has something like this already called liquid: http://liquidmarkup.org/


------------------------------------------------------------------------------
RSA(R) Conference 2012
Save $700 by Nov 18
Register now
http://p.sf.net/sfu/rsa-sfdev2dev1
_______________________________________________
FreeMarker-user mailing list
FreeMarker-user@(protected)
https://lists.sourceforge.net/lists/listinfo/freemarker-user
©2008 junlu.com - Jax Systems, LLC, U.S.A.