templating system that is safe for end users to edit

Question

Is there a templating system in asp.net MVC that is safe for end users to edit online?

I want something like: http://www.liquidmarkup.org/

score 7 · Accepted Answer · answered Apr 08 '11 at 11:46

7

You may checkout DotLiquid.

answered Apr 08 '11 at 11:46

Darin Dimitrov

1,023,142
271
3,287
2,928

score 0 · Answer 2 · answered Apr 08 '11 at 11:37

0

Have you looked into the jquery template engine? It may do what you are looking for if your users are comfortable with the syntax.

answered Apr 08 '11 at 11:37

Chris Meek

5,720
9
35
44

score -3 · Answer 3 · answered Apr 06 '11 at 14:53

Having users edit anything is generally un-safe.

If you accept HTML inputs you will probably open up the door for an XSS attack regardless of your prevention mechanisms. There is always some new XSS attack script being discovered.

Taking that last statement into account any templating language for .net is probably just as safe as all the others. Remember that templating systems for interpreted languages have to take extra precautions to solve vulnerabilities you won't find with a compiled language.

with liquid, you pass it the objects and it uses those objects only, so you can't do response.write(blah.connectionstring); — Blankman, Apr 06 '11 at 15:26

templating system that is safe for end users to edit

3 Answers3

Linked