Sandbox support

Jan 27, 2011 at 6:40 PM

Hello, I have been investigating on the ability to add support for sandboxing. I came out with a nice solution which I would like to discuss if there is enough interest.

Thanks

Coordinator
Jan 28, 2011 at 9:01 AM

By Sandboxing, do you mean to introduce policies to restrict the types that can be used in a template? If so, I have also been considering it.  Or are you more leaning towards AppDomain segregation of templates, ala Rick Strahl's implementation: http://www.west-wind.com/weblog/posts/864461.aspx?

Jan 28, 2011 at 5:33 PM

I don't think you can restrict the types without using Rick Strahl's approach. But basically the idea is that the template Engine should allow only the minimum access required for presenting the data. See this PDF from Terence Parr (the same guy behind ANTLR) http://www.cs.usfca.edu/~parrt/papers/mvc.templates.pdf

In this way allowing people to download/upload/install templates would be very safe as opposed to an architecture like WP/ASPX pages/pure Razor pages/etc.