I'm an asp.net mvc 3 newbie, I'm developing a site that allow user customize their layout and use razor template engine. Thay could direct edit the template file.
开发者_Go百科How to retrict user from only allow uses some explicit helper in a template. I dont want user access other dangerous server functions, and only use what I added.
Thanks
There are two cases:
- You trust your users: in this case you shouldn't be worried as they won't break your site
- You don't trust your users (most probable): in this case giving them the possibility to directly modify the templates seems a risky affair. You will need a pretty solid sanitizing tool that will filter all other helpers that you don't want. It's just too broad. Giving them the possibility to write markup would be OK with for example some WYSIWYG editor like WMD but giving them access to server code is asking for trouble.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论