I finding a php template engine allow user defined function only or it allow white-list functions only. My problem is I will let my user edit their templates. So I need a开发者_运维知识库 safe template engine.
The twig project ( http://www.twig-project.org/ ) has a sandbox mode.
Rain implements the sandbox with black_list, if you ask they might add the white list as well http://www.raintpl.com/
If you just need conditions(if), loops(for) and filters maybe my minimal Text-Template class could do the job: https://github.com/dermatthes/text-template
It's pure regular expressions without the need for filesystem access nor eval()'d code. So it should be quite secure. And it'll parse 50kB of template within <3ms.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论