Open davej opened 8 years ago
So far I've only whitelisted anything outputting CSS or Javascript. Most of the Html templating sources also need a data object to include in the evaluation of the template, meaning it's a much more dynamic scope than the Css and Javscript sources. So to make it easier on myself I just excluded Html producing engines to begin with.
If you have a known whitelist of Html producers in Accord that don't require a data object to evaluate the templates I think we should just add them to the whitelist. Markdown also comes to mind here
Cool.
FYI you have also whitelisted Markdown and Swig in tolk. Although I'm not sure how swig can be used without a data object.
Jade seems to work ok for me, just wondering if there's a reason why it isn't whitelisted?