Edgewall Software

Changes between Version 32 and Version 33 of GenshiFaq


Timestamp:
Jan 26, 2007, 10:15:19 PM (17 years ago)
Author:
cmlenz
Comment:

Add sandboxing question

  • GenshiFaq

    v32 v33  
    44
    55[[PageOutline(2-3, Overview, inline)]]
     6
    67
    78== General ==
     
    2829However, 99% of the templates used by web applications generate some kind of XML/HTML-based markup. We believe that web applications can benefit from a template engine that “knows what it's doing” when it comes to markup. You don't need to worry about generating output that is not well-formed, nor do you need to worry about accidentially not escaping some data, thereby greatly reducing the risk for introducing [http://de.wikipedia.org/wiki/Cross_Site_Scripting XSS] attack vectors. Furthermore, your templates look a lot more like the targetted output format: an HTML template looks like HTML, a template for an RSS feed looks like RSS. Directives in text-based template languages often result in rather messy templates, or produce excessive amounts of unnecessary white space.
    2930
     31See also [http://hsivonen.iki.fi/producing-xml/ HOWTO Avoid Being Called a Bozo When Producing XML], which has this say about text-based templating systems:
     32
     33  ''“Don’t use these systems for producing XML. Making mistakes with them is
     34  extremely easy and taking all cases into account is hard. These systems
     35  have failed smart people who have actively tried to get things right.”''
     36
     37This advice extends to HTML, of course.
     38
    3039In addition, text-based templates don't even work all that well for many text formats. Imagine you want to generate a plain text email or an [http://www.ietf.org/rfc/rfc2445.txt iCalendar] file. How do you deal with important concerns such as line-wrapping and white-space in your templates? You may be better off using specialized formatters.
    3140
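Review bot: the added See-also line reads "which has this say about text-based templating systems"; it should be "which has this to say about". The unchanged paragraph just above it also carries two typos, "accidentially" and "targetted", and its XSS link points at the German Wikipedia (de.wikipedia.org) although the page is written in English; since this hunk already touches the section, it would be a good place to fix the typos and link the English article instead.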
     
    4554
    4655For more details about what's different see GenshiVsKid.
    47 
    48 === What other features does the toolkit provide? ===
    49 
    50 Beyond the XML-based template engine, Genshi provides:
    51  * a [wiki:Documentation/streams.html unified stream-based processing model] for markup, where
    52  * streams can come from XML or HTML text, or be [wiki:Documentation/builder.html generated programmatically] using a very simple syntax.
    53  * [wiki:Documentation/xpath.html XPath] can be used to query any stream, not just in templates.
    54  * Different serialization methods (XML, HTML, and plain text) for streams.
    55  * An HTML “sanitizing” filter to strip potentially dangerous elements or attributes from user-submitted HTML markup.
    56  * A simple text-based template engine that can be used for generating plain text output.
    57 
    58 === Why use includes instead of inheritance? ===
    59 
    60 We think that includes are both simpler and more natural for templating.
    61 
    62 Template inheritance is a concept that fits well with template languages where a master template provide “slots” that are “filled” by the inheriting templates. However, Genshi has no such feature, and instead uses the more powerful and flexible concept of [wiki:Documentation/xml-templates.html match templates].
    63 
    64 Furthermore, [http://www.w3.org/TR/xinclude/ XInclude] is a [http://www.w3.org/ W3C] standard, which means that it is more likely to be supported in authoring tools than some esoteric custom notation for including external resources.
    65 
    66 ''See also GenshiRecipes/PyExtendsEquivalent and GenshiRecipes/PyLayoutEquivalent to find out how the Kid directives `py:extends` and `py:layout` map to includes in Genshi.''
    67 
    68 [[Image(http://www.edgewall.org/gfx/opensource-75x65.png, width=75, height=65, align=right)]]
    6956
    7057=== What license governs the use of Genshi? ===
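Review bot: the removed lines reappear unchanged under the new "Features and Design" heading, so the problems they carry move with them: "a master template provide “slots”" should read "provides", and the first feature bullet ends with a dangling "where" that makes the second bullet read as a continuation of the first rather than as a feature in its own right. Suggest fixing both in the new location, for example "a unified stream-based processing model for markup; streams can come from XML or HTML text, or be generated programmatically using a very simple syntax".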
     
    9178
    9279The "official" pronunciation is "gen" (as in "get") and "shi" (as in "she").
     80
     81
     82== Features and Design ==
     83
     84=== What other features does the toolkit provide? ===
     85
     86Beyond the XML-based template engine, Genshi provides:
     87 * a [wiki:Documentation/streams.html unified stream-based processing model] for markup, where
     88 * streams can come from XML or HTML text, or be [wiki:Documentation/builder.html generated programmatically] using a very simple syntax.
     89 * [wiki:Documentation/xpath.html XPath] can be used to query any stream, not just in templates.
     90 * Different serialization methods (XML, HTML, and plain text) for streams.
     91 * An HTML “sanitizing” filter to strip potentially dangerous elements or attributes from user-submitted HTML markup.
     92 * A simple text-based template engine that can be used for generating plain text output.
     93
     94=== Why use includes instead of inheritance? ===
     95
     96We think that includes are both simpler and more natural for templating.
     97
     98Template inheritance is a concept that fits well with template languages where a master template provide “slots” that are “filled” by the inheriting templates. However, Genshi has no such feature, and instead uses the more powerful and flexible concept of [wiki:Documentation/xml-templates.html match templates].
     99
     100Furthermore, [http://www.w3.org/TR/xinclude/ XInclude] is a [http://www.w3.org/ W3C] standard, which means that it is more likely to be supported in authoring tools than some esoteric custom notation for including external resources.
     101
     102''See also GenshiRecipes/PyExtendsEquivalent and GenshiRecipes/PyLayoutEquivalent to find out how the Kid directives `py:extends` and `py:layout` map to includes in Genshi.''
     103
     104[[Image(http://www.edgewall.org/gfx/opensource-75x65.png, width=75, height=65, align=right)]]
     105
     106=== Is Genshi “sandboxable”? ===
     107
     108Or: ''“can I use Genshi to allow untrusted users to create and modify templates?”''
     109
     110'''No'''. Genshi allows embedding Python expressions in templates. That code runs with the permissions of the process running your web application. Malicious or misguided users can quite easily construct expressions that result in exposing sensitive information or even destroying data on your server.
     111
     112Unfortunately, Python does not yet provide a mode for [http://wiki.python.org/moin/SandboxedPython restricted execution]. Sandboxing Genshi will probably be possible as soon as that changes, but not before. Apparently [http://svn.python.org/view/python/branches/bcannon-objcap/securing_python.txt some progress] is being made, but we'll have to see how that develops.
     113
    93114
    94115== Usage ==
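Review bot: the new sandboxing answer explains why untrusted template authors cannot be sandboxed but stops short of saying what the safe alternative is. Since the answer states that template expressions run with the permissions of the web application process, suggest adding that templates must be treated as application code and written only by trusted developers, and that untrusted users should only ever supply data that is rendered through a template (where the automatic escaping described in the General section applies) or HTML passed through the sanitizing filter listed above, never template source. The "some progress" link also points at a file in a personal branch (bcannon-objcap), which is likely to move or disappear; the wiki page on restricted execution is the more durable reference.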