-
Type:
Epic
-
Status: Open
-
Priority:
Minor
-
Resolution: Unresolved
-
Affects Version/s: None
-
Fix Version/s: None
-
Labels:
-
Epic/Theme:
-
Epic Status:To Do
Currently Liferay provides support for several template engines, the most popular of which is Freemarker. However freemarker is quite powerful, allowing for the execution of Java code and taglibs. This makes it unfeasible for installations that are shared for several unrelated end customers, since the code introduced in a freemarker template could impact the system and thus all customers.
The goal of this Epic is to find a solution to this by adding support for a template engine that meets more strict scalability, performance, and security requirements that ensure is is safe to use them in multi-customer environments.
An alternative to adding support for a new template language would be to implement stricter restrictions for the execution of freemarker code and provide a configuration option to choose whether to run them in strict mode or not.