well, in pileofrogs's case, he is using the template system offline, so there are now security issues. In online modus, there is the danger that the precompiled templates (stored in the filesystem) could be changed by a attacker, but that can happen also to people that use the precompiling stuff in TT. And yes, i prefer HTC over TT. | [reply] |
so there are now security issues. In online modus, there is the danger that the precompiled templates (stored in the filesystem) could be changed by a attacker, but that can happen also to people that use the precompiling stuff in TT
Tina's suggestion to not use H::T::C in production wasn't because of security issues, it was because of potential memory issues and lack of a test suite.
And yes, i prefer HTC over TT.
I wasn't questioning why you prefer H::T::C over TT, just pointing out that the author of H::T::C has reservations about using it in production.
| [reply] |
Tina's suggestion to not use H::T::C in production wasn't because of security issues, it was because of potential memory issues and lack of a test suite.
well, I said that in september 2005. =)
I had the opportunity to test the module in a bigger system recently, and it behaves pretty well regarding memory usage (so it might go into production there soon). The general test suite is growing, too, and Mark Stosberg is helping me now to fix open bugs and develop features.
but still, if you don't need the speed, and don't need the special features, use HTML::Template. it has much more users, and that sometimes can be better than a test suite. HTC is still in development, so if you use it in production, be sure to have a good test suite yourself.
| [reply] |