I find that the php template engine allows only a user-defined function or only permits whitelist functions. My problem is that I will allow the user to edit their templates. Therefore, I need a secure template engine.
The twig project ( http://www.twig-project.org/ ) has a sandbox mode.
Rain implements a blacklisted sandbox if you ask them to add a whitelist http://www.raintpl.com/
(if), () , , Text-Template : https://github.com/dermatthes/text-template
eval() 'd. . 50 < 3.
Source: https://habr.com/ru/post/1762084/More articles:Convert early modern English to 20th century spelling using NLTK - pythonphp: parse string from html - domInvalid Session in FF, Tomcat - jspA gem that allows you to use data access using plastered mysql databases while maintaining the use of Activerecord - mysqlC Unstringification with Macros - cCan I ignore or suppress warnings in JDBC for MySQL? - mysqlCMS and high traffic sites: PHP and MySQL - performanceFreezing Manipulation At Home - domFind an array of PHP array objects - objectC # - Adding an event handler for all instances of a class - c #All Articles