Safe Razor Template Engine
Question
I'm an asp.net mvc 3 newbie, I'm developing a site that allow user customize their layout and use razor template engine. Thay could direct edit the template file.
How to retrict user from only allow uses some explicit helper in a template. I dont want user access other dangerous server functions, and only use what I added.
Thanks
1 answers
solution1
3 2010-11-24 07:48:37
There are two cases:
- You trust your users: in this case you shouldn't be worried as they won't break your site
- You don't trust your users (most probable): in this case giving them the possibility to directly modify the templates seems a risky affair. You will need a pretty solid sanitizing tool that will filter all other helpers that you don't want. It's just too broad. Giving them the possibility to write markup would be OK with for example some WYSIWYG editor like WMD but giving them access to server code is asking for trouble.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
print nullable type on Razor Template Engine
Razor Engine Email Template Error Object type cannot be converted to target
Razor Safe Check InvalidExpressionTerm
Razor engine on MVC 1
Razor engine if else statement
Razor engine namespace not found
Upgrading view engine to Razor
How can I bind Dictionary to a partial view in ASP.NET MVC 5 Razor template engine
Validate Razor template
Razor template to javascript string
Related Tags