开发者

Choosing the MVC view engine

开发者 https://www.devze.com 2022-12-25 01:51 出处:网络
I want to allow the end-users of my web application to modify views (via web based back office), stored in the database.

I want to allow the end-users of my web application to modify views (via web based back office), stored in the database. The desired view engine is expected to be code-injection safe, meaning that the end-user will be limited to the absolute minimum number of expressions available, no server code ins开发者_运维问答erts are allowed.

Is any suitable view engine available to download?


I don't know of any existing engine, but Phil Haack has a post on storing views in a database: http://haacked.com/archive/2009/04/22/scripted-db-views.aspx

That post deals with the idea of user-created views. If you want to protect against XSS-style code injection attacks, you can sanitize your HTML.

0

精彩评论

暂无评论...
验证码 换一张
取 消