On Fri, Jul 3, 2009 at 1:27 PM, Sergey Chernyshevsergey.chernyshev@gmail.com wrote:
I think you're confusing simple logic of ParserFunctions in the template with a full scripting language like PHP.
In what way is the logic of ParserFunctions "simple"? If you ignore the limitations on parse length, it's Turing-complete.
That's why I proposed to look at something simplified like Smarty or alike.
Hmm. Smarty looks interesting, at a quick glance. I suspect it's not designed to be secure against DoS, so it would need some kind of sandboxing. Hopefully less than some of the other solutions we're contemplating, though! I'd think it might serve okay, if we wrote enough custom functions to replace the existing ParserFunctions. I'm not sure.