2012-02-21 01:15:00 -05:00


[
  {
    "user_id": 4219,
    "stars": [],
    "topic_id": 14217,
    "date_created": 1300719236.3936,
    "message": "https://github.com/tobi/liquid",
    "group_id": 81,
    "id": 398640
  },
  {
    "user_id": 4219,
    "stars": [],
    "topic_id": 14217,
    "date_created": 1300719252.7034049,
    "message": "i.e. end user editable template language that is safe from hacking",
    "group_id": 81,
    "id": 398647
  },
  {
    "user_id": 1736,
    "stars": [],
    "topic_id": 14217,
    "date_created": 1300727352.9035499,
    "message": "@convy It is as \"safe\" as you make it. Any callable reachable from an object exposed to the template can be run, so if you have a random model object in the template context it is possible to do obj.__class__.objects.all.delete. If you are diligent about the context, then yes it should be safe.",
    "group_id": 81,
    "id": 400185
  },
  {
    "user_id": 2045,
    "stars": [],
    "topic_id": 14217,
    "date_created": 1300729647.8015299,
    "message": "@coderanger I think variables and attributes that start with an underscore throw a SyntaxError. I'd worry about the ssi and debug tags, though.",
    "group_id": 81,
    "id": 400602
  },
  {
    "user_id": 2045,
    "stars": [],
    "topic_id": 14217,
    "date_created": 1300730096.9198251,
    "message": "Pystache (https://github.com/defunkt/pystache) may be a good candidate for this. It's similar to Django templates, but doesn't look like it would contain anything that would be a security issue.",
    "group_id": 81,
    "id": 400660
  },
  {
    "user_id": 1736,
    "stars": [],
    "topic_id": 14217,
    "date_created": 1300729748.2221179,
    "message": "@joshbohde True, I forgot about that.\nAlso you would want to make sure to not use a RequestContext since that can expose some nasty things.",
    "group_id": 81,
    "id": 400618
  },
  {
    "user_id": 5852,
    "stars": [],
    "topic_id": 14217,
    "date_created": 1300745885.9129419,
    "message": "(That said I can't speak to whether it's 100% secure; you might need to ask @mitsuhiko about that...)",
    "group_id": 81,
    "id": 403176
  },
  {
    "user_id": 5852,
    "stars": [
      {
        "date_created": 1300789190.6065259,
        "user_id": 177
      }
    ],
    "topic_id": 14217,
    "date_created": 1300745843.2474051,
    "message": "I'd suggest Jinja2's sandboxed mode if you want to do something Django-ish that's safe to end users: http://jinja.pocoo.org/docs/sandbox/#jinja2.sandbox.SandboxedEnvironment",
    "group_id": 81,
    "id": 403172
  }
]