[LPS-116075] Add support for a template engine with restricted capabilities so that it can be used in multi-customer installations (X) - Liferay Issues

XML

Word

Printable

Details

Type: Epic
Status: Open
Priority: Minor
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: Core Infrastructure, Web Content > Web Content Administration, Widget Templates
Labels:
- d_21_04

Epic/Theme:
- Content_Administration
Epic Status:
To Do

Description

Currently Liferay provides support for several template engines, the most popular of which is Freemarker. However freemarker is quite powerful, allowing for the execution of Java code and taglibs. This makes it unfeasible for installations that are shared for several unrelated end customers, since the code introduced in a freemarker template could impact the system and thus all customers.

The goal of this Epic is to find a solution to this by adding support for a template engine that meets more strict scalability, performance, and security requirements that ensure is is safe to use them in multi-customer environments.

An alternative to adding support for a new template language would be to implement stricter restrictions for the execution of freemarker code and provide a configuration option to choose whether to run them in strict mode or not.

Attachments

Activity

People

Assignee:: Product Team Core Infrastructure

Reporter:: Jorge Ferrer

Recent user:: Marta Elicegui

Participants of an Issue:: Jorge Ferrer, Lee Jordan, Product Team Core Infrastructure

Votes:: 1 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 24/Jun/20 12:19 AM

Updated:: 6 days ago 9:24 AM

Packages

Version	Package