Closed leblancmeneses closed 11 years ago
This framework has no sandbox features (yet :-)
Okay, I tried your solution; here is one issue I had.
After installing the NuGet package, I am having problems on our build server, which uses NuGet's package restore system. (We don't check in DLLs. I think it has to do with the naming convention, and the actual DLLs you reference do not match.) http://blog.nuget.org/20120518/package-restore-and-consent.html
FYI: about the sandbox feature ... https://github.com/RickStrahl/Westwind.RazorHosting seems to prevent access by hosting in another AppDomain.
It probably was due to the fact that there were two versions of 2.4 (2.4 and 2.4.0) on NuGet. I published a new NuGet package, version 2.4.1, holding the same binaries (v2.4) and content.
When using isolation with AppDomains you can constrain execute and access permissions. You cannot simply constrain things like creating threads, allocating memory, and other resource-consuming things. If you start to allow untrusted users to execute untrusted code, I think you should monitor and constrain that too, or else you should run each request in a separate (balanced) process to protect any user from any other's misbehaviour. I decided that such behaviour is outside the scope of this framework, at this time.
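The AppDomain isolation discussed in the comment above, sketched as an added example (not code from this framework or from Westwind.RazorHosting). It assumes .NET Framework, where partial-trust AppDomains exist; the names `TemplateWorker` and `TemplateSandbox` and the sample path are hypothetical.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

// Hypothetical stand-in for code a user-edited template could run.
// MarshalByRefObject lets the host call it across the AppDomain boundary.
public class TemplateWorker : MarshalByRefObject
{
    public string TryReadFile(string path)
    {
        try
        {
            // Demands FileIOPermission, which the sandbox grant set lacks.
            return "read " + File.ReadAllText(path).Length + " chars";
        }
        catch (SecurityException)
        {
            return "denied by sandbox";
        }
    }
}

public static class Program
{
    public static void Main()
    {
        // Grant set: permission to execute and nothing else
        // (no file, network, registry, reflection or unmanaged code).
        var grant = new PermissionSet(PermissionState.None);
        grant.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));

        var setup = new AppDomainSetup
        {
            ApplicationBase = AppDomain.CurrentDomain.BaseDirectory
        };
        AppDomain sandbox = AppDomain.CreateDomain("TemplateSandbox", null, setup, grant);
        try
        {
            var worker = (TemplateWorker)sandbox.CreateInstanceAndUnwrap(
                typeof(TemplateWorker).Assembly.FullName,
                typeof(TemplateWorker).FullName);

            // Constructed sample path; any file outside the grant set behaves the same.
            Console.WriteLine(worker.TryReadFile(@"C:\Windows\win.ini"));
        }
        finally
        {
            // The grant set does not limit threads, CPU or memory; unloading the
            // domain (or using a separate process) is the only control over those.
            AppDomain.Unload(sandbox);
        }
    }
}
```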
I like the idea of using razor syntax in our email templates.
From what I can tell, using this engine could have security implications if template editing is externalized.
We want end users to be able to update these templates. Does your framework support isolation/chroot - so that they cannot affect anything outside the template engine's sandbox?