Hi,
The template parser doesn't understand the concept of globals. It just parses a template, and a hash ref of tags to do replacements of. If you allowed template tags themselves to be parsed, you are opening up the possiblity of cgi input being parsed (i.e. someone passes into your script tag=<%include /etc/passwd%>).
The application (Links SQL, GForum, etc) would need to mark ceartain tags as safe, and allow the template parser to reparse them. You couldn't preparse the tag, as you might not have all the variables, i.e.:
<%loop some_loop%>
<%global%>
<%endloop%>
When does the output of <%global%> get parsed? After it's displayed? What if the output to of global contains temlate tags, it would then get parsed as well. It gets very nasty, very quickly.
This would add a significant overhead as every global would need a separate call through GT::Template->parse. I can see the use for it in some cases, but I think the performance hit is too great.
Cheers,
Alex
--
Gossamer Threads Inc.
The template parser doesn't understand the concept of globals. It just parses a template, and a hash ref of tags to do replacements of. If you allowed template tags themselves to be parsed, you are opening up the possiblity of cgi input being parsed (i.e. someone passes into your script tag=<%include /etc/passwd%>).
The application (Links SQL, GForum, etc) would need to mark ceartain tags as safe, and allow the template parser to reparse them. You couldn't preparse the tag, as you might not have all the variables, i.e.:
<%loop some_loop%>
<%global%>
<%endloop%>
When does the output of <%global%> get parsed? After it's displayed? What if the output to of global contains temlate tags, it would then get parsed as well. It gets very nasty, very quickly.
This would add a significant overhead as every global would need a separate call through GT::Template->parse. I can see the use for it in some cases, but I think the performance hit is too great.
Cheers,
Alex
--
Gossamer Threads Inc.
