Issue PHP templating engine to user?

I want to build a report builder in my web application. The user collects data through other parts of the site, and then should be able to generate "reports" in which he can use the specified data in the style of the document. I want the user to be able to use basic math functions, get / set their own variables, etc. I guess why reinvent the wheel? If I let the user write a report with something like the Twig Template Engine and include only certain extensions for them to use, does that make it reasonably safe? Twig templates already remove any PHP found in the markup, and there are not many powerful features that you can use other than basic line changes, etc. Let me know your thoughts.

+4
2 answers

Twig has a pretty powerful sandbox extension that does exactly what you describe. Given a fairly tight security policy, I see no problems here.

+3

If Twig does what you need, why not? It is pretty well done, has a sandbox mode, and can compile templates. In contrast, separating PHP from PHP is hard, so using some templates sounds good to me.

+1
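Both answers point at Twig's sandbox mode with a tight security policy. The following is an added example of what that policy looks like in practice (not code from the question or either answer); it assumes Twig 3 installed via Composer, and the `Report` class, the allow-list contents and the two user templates are invented for illustration.

```php
<?php
// Added example: a Twig 3 sandbox policy for user-authored report templates.
// Assumes Composer's autoloader; Report is a hypothetical domain class.
require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Extension\SandboxExtension;
use Twig\Loader\ArrayLoader;
use Twig\Sandbox\SecurityError;
use Twig\Sandbox\SecurityPolicy;

// Object handed to report authors. Only methods listed in the policy are
// callable from a template; getSecret() is deliberately left out.
final class Report
{
    public function __construct(private array $rows) {}
    public function getRows(): array { return $this->rows; }
    public function getSecret(): string { return 'internal-token'; }
}

// Allow-lists: anything not named here is rejected by the sandbox.
$policy = new SecurityPolicy(
    ['if', 'for', 'set'],                    // tags
    ['escape', 'number_format', 'upper'],    // filters ('escape' keeps autoescape working)
    [Report::class => ['getRows']],          // methods, per class
    [],                                      // properties
    ['range']                                // functions
);

// Keep autoescape on: report authors may not be the only people who view output.
$twig = new Environment(new ArrayLoader(), ['autoescape' => 'html']);
// Second argument true = every template is sandboxed, not only {% sandbox %} blocks.
$twig->addExtension(new SandboxExtension($policy, true));

function renderUserReport(Environment $twig, string $source, Report $report): string
{
    try {
        return $twig->createTemplate($source)->render(['report' => $report]);
    } catch (SecurityError $e) {
        // Disallowed tags/filters/functions fail at compile time, methods at render time.
        return 'Template rejected: ' . $e->getMessage();
    }
}

$report = new Report([['item' => 'Widget', 'price' => 9.5]]);
// Constructed user template using only allowed features: renders "WIDGET: 11.40".
echo renderUserReport($twig, '{% set tax = 0.2 %}{% for r in report.getRows() %}'
    . '{{ r.item|upper }}: {{ (r.price * (1 + tax))|number_format(2) }}{% endfor %}', $report), "\n";
// Constructed template calling a method the policy does not list: rejected.
echo renderUserReport($twig, '{{ report.getSecret() }}', $report), "\n";
```

Method and property checks happen when the value is accessed at render time, so every object reachable from the context needs an entry in the policy; plain arrays are not subject to those checks.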
