Java Mailing List Archive

Home » FreeMarker-user »

[FreeMarker-user] safe end user editable template,
 can freemarker be used for this?

S Ahmed


Replies: Find Java Web Hosting

Author LoginPost Reply
Say I have a template that I want end users to be able to edit, and thus this has to be safe from them being able to output the database connection string or other unsafe operations.

Can freemarker be used?

Can I have it such that freemarker will ONLY parse specific objects?  

Say I have a page that displays products, so I load a List<Products> variable and send that to my view page.

The end user can only use this @products variable, and is prevented from doing anything else that could be a security issue.


Ruby has something like this already called liquid:

RSA(R) Conference 2012
Save $700 by Nov 18
Register now
FreeMarker-user mailing list
©2008 - Jax Systems, LLC, U.S.A.