Sandbox

Another useful feature of Templates is that they run within a controlled sandbox: each TemplateContext instance is isolated and defines the entire execution environment in which its Templates execute. As such it should be safe to run Templates from untrusted 3rd Party sources, since they're confined to what's available within their TemplateContext instance.

TemplateContext

The only functionality a new TemplateContext instance has access to is the safe set of default filters and the htmlencode Filter Transformer. Templates can't call methods on instances, or invoke a method by any other means, unless it's explicitly registered.

If running a template from an untrusted source we recommend running it within a new TemplateContext instance so it's kept isolated from every other TemplateContext instance. Contexts are cheap to create, so there won't be a noticeable delay when executing in a new instance, but they're also used to cache compiled lambda expressions, which will need to be recreated each time Templates execute in a new TemplateContext instance. For improved performance you can instead have all untrusted templates share the same TemplateContext instance so they're able to reuse compiled expressions; the trade-off is that those templates then share a single configuration and expression cache with each other (but still not with the TemplateContext your trusted templates use).

Remove default filters

If you want to start from a clean slate, the default filters can be removed by clearing the TemplateFilters collection:

context.TemplateFilters.Clear();

Disabling adhoc Filters

Or if you only want to disable access to some filters without removing them all, you can disable individual filters by adding their names to the ExcludeFiltersNamed collection:

var context = new TemplateContext {
    ExcludeFiltersNamed = { "partial", "selectPartial" }
}.Init();

Filters can also be disabled on an individual PageResult by populating its ExcludeFiltersNamed collection.

Instance creation and MaxQuota

The only instances that can be created within templates are those allowed by JavaScript Literals and the Generation and Repeating Filters. To limit potential CPU and GC abuse, any default filters that can generate instances are limited to a MaxQuota of 10000 iterations. This quota can be modified with:

var context = new TemplateContext {
    Args = {
        [TemplateConstants.MaxQuota] = 1000
    }
}.Init();
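As an added example that is not part of the original page or of the ServiceStack library, the following C# ties the sections above together by hosting untrusted templates two ways: a restricted context that keeps the safe default filters but excludes partial/selectPartial and lowers MaxQuota, and a clean-slate context where the default filters are cleared and the only reachable method is one that was explicitly registered. SafeTextFilters, its shout method, the Render wrapper and the sample templates are hypothetical; the example also assumes the library's EvaluateTemplate method and its range, count and upper default filters, which this page doesn't list, and that quota violations and calls to unavailable filters surface as exceptions rather than silently succeeding.

```csharp
using System;
using System.Collections.Generic;
using ServiceStack.Templates;

// Hypothetical allow-listed filter class (example only): the only way a template
// can reach a .NET method is through a TemplateFilter that was explicitly registered.
public class SafeTextFilters : TemplateFilter
{
    public string shout(string text) => text?.ToUpperInvariant();
}

public static class UntrustedTemplateHost
{
    // Option 1: keep the safe default filters, but exclude the ones that reach into
    // the hosting site's pages and lower the iteration quota for generating filters.
    public static TemplateContext CreateRestrictedContext() => new TemplateContext
    {
        ExcludeFiltersNamed = { "partial", "selectPartial" },
        Args = {
            [TemplateConstants.MaxQuota] = 1000, // page states the default is 10000
        },
    }.Init();

    // Option 2: start from a clean slate and register only an explicit allow-list,
    // using the same TemplateFilters.Clear() call the page shows.
    public static TemplateContext CreateAllowListContext()
    {
        var context = new TemplateContext
        {
            Args = { [TemplateConstants.MaxQuota] = 1000 },
        }.Init();
        context.TemplateFilters.Clear();                    // no default filters at all
        context.TemplateFilters.Add(new SafeTextFilters()); // only what we register
        return context;
    }

    // Renders one untrusted template against a dedicated set of arguments.
    // Assumption (example only): quota violations and excluded-filter calls raise
    // exceptions; the exact types are not stated on the page, so we catch broadly
    // and never let a misbehaving untrusted template take down the caller.
    public static string Render(TemplateContext context, string template,
        Dictionary<string, object> args)
    {
        try
        {
            return context.EvaluateTemplate(template, args);
        }
        catch (Exception e)
        {
            return $"[rejected: {e.GetType().Name}: {e.Message}]";
        }
    }

    public static void Main()
    {
        // Constructed sample inputs standing in for templates uploaded by a 3rd party.
        var args = new Dictionary<string, object> { ["name"] = "<b>Mallory</b>" };

        var restricted = CreateRestrictedContext();
        Console.WriteLine(Render(restricted, "Hello {{ name | htmlencode }}", args));
        Console.WriteLine(Render(restricted, "{{ 'layout' | partial }}", args));     // excluded filter
        Console.WriteLine(Render(restricted, "{{ 100000 | range | count }}", args));  // exceeds MaxQuota

        var allowList = CreateAllowListContext();
        Console.WriteLine(Render(allowList, "{{ name | shout }}", args));             // registered method
        Console.WriteLine(Render(allowList, "{{ name | upper }}", args));             // default filter removed
    }
}
```

Share one restricted context across all untrusted templates when you want them to reuse compiled expressions, and create a fresh context per tenant when full isolation between untrusted sources matters more than that cache.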

made with by ServiceStack