On Fri, Jul 3, 2009 at 1:27 PM, Sergey
Chernyshev<sergey.chernyshev(a)gmail.com> wrote:
I think you're confusing simple logic of
ParserFunctions in the template
with a full scripting language like PHP.
In what way is the logic of ParserFunctions "simple"? If you ignore
the limitations on parse length, it's Turing-complete.
That's why I proposed to look at something
simplified like Smarty or alike.
Hmm. Smarty looks interesting, at a quick glance. I suspect it's not
designed to be secure against DoS, so it would need some kind of
sandboxing. Hopefully less than some of the other solutions we're
contemplating, though! I'd think it might serve okay, if we wrote
enough custom functions to replace the existing ParserFunctions. I'm
not sure.