I want to allow the end-users of my web application to modify views (via web based back office), stored in the database. The desired view engine is expected to be code-injection safe, meaning that the end-user will be limited to the absolute minimum number of expressions available, no server code ins开发者_运维问答erts are allowed.
Is any suitable view engine available to download?
I don't know of any existing engine, but Phil Haack has a post on storing views in a database: http://haacked.com/archive/2009/04/22/scripted-db-views.aspx
That post deals with the idea of user-created views. If you want to protect against XSS-style code injection attacks, you can sanitize your HTML.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论