Alex,
The template parser would not need to know very much about the globals.
The sub { ...perl code... } information could be used to find the perl code parts in globals and
ignore parsing of anything between sub { and }, therefore I don't aggree with you,
that there is security leak using the way I suggested here.
Yes, I aggree with you about the performance hit. It is only worth to implement parsing of globals, if the performance will be not affected very much.
But I think, ignoring the sub { ...perl code... } in globals would not affect performance very much, just a bit. And remember globals means mostly small strings, especially if we ignore the perl code parts...
In addition, if you add the Global parsing feature option which make possible to turn off parsing of globals, then users could decide themself, if they need to use this feature or not.
Because the performance thing we discussed, I suggest the Global parsing feature option
to be turned OFF by default.
Let me know your opinion.
Best regards,
Webmaster33
Paid Support from Webmaster33. Expert in Perl programming & Gossamer Threads applications. (click here for prices)
Webmaster33's products (upd.2004.09.26) | Private message | Contact me | Was my post helpful? Donate my help...
The template parser would not need to know very much about the globals.
The sub { ...perl code... } information could be used to find the perl code parts in globals and
ignore parsing of anything between sub { and }, therefore I don't aggree with you,
that there is security leak using the way I suggested here.
Quote:
This would add a significant overhead as every global would need a separate call through GT::Template->parse. I can see the use for it in some cases, but I think the performance hit is too great.But I think, ignoring the sub { ...perl code... } in globals would not affect performance very much, just a bit. And remember globals means mostly small strings, especially if we ignore the perl code parts...
In addition, if you add the Global parsing feature option which make possible to turn off parsing of globals, then users could decide themself, if they need to use this feature or not.
Because the performance thing we discussed, I suggest the Global parsing feature option
to be turned OFF by default.
Let me know your opinion.
Best regards,
Webmaster33
Paid Support from Webmaster33. Expert in Perl programming & Gossamer Threads applications. (click here for prices)
Webmaster33's products (upd.2004.09.26) | Private message | Contact me | Was my post helpful? Donate my help...
