[LPS-116075] Add support for a template engine with restricted capabilities so that it can be used in multi-customer installations (X) - Liferay Issues

XML

Word

Printable

Details

Type: Epic
Status: Closed
Priority: Minor
Resolution: Duplicate
Affects Version/s: None
Fix Version/s: None
Component/s: Core Infrastructure, Web Content > Web Content Administration, Widget Templates
Labels:
- d_21_04

Epic/Theme:
- Content_Administration
Epic Status:
To Do

Description

Currently Liferay provides support for several template engines, the most popular of which is Freemarker. However freemarker is quite powerful, allowing for the execution of Java code and taglibs. This makes it unfeasible for installations that are shared for several unrelated end customers, since the code introduced in a freemarker template could impact the system and thus all customers.

The goal of this Epic is to find a solution to this by adding support for a template engine that meets more strict scalability, performance, and security requirements that ensure is is safe to use them in multi-customer environments.

An alternative to adding support for a new template language would be to implement stricter restrictions for the execution of freemarker code and provide a configuration option to choose whether to run them in strict mode or not.

Attachments

Issue Links

is duplicated by

LPS-102336 As a Template Creator I would like to create universal templates leveraging fragments

In Refinement

Activity

People

Assignee:: Product Team Core Infrastructure

Reporter:: Jorge Ferrer

Recent user:: Tarik Demnati

Participants of an Issue:: Jorge Ferrer, Lee Jordan, Product Team Core Infrastructure

Votes:: 1 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 24/Jun/20 12:19 AM

Updated:: 20/May/21 1:19 AM

Resolved:: 12/Apr/21 7:47 AM

Packages

Version	Package