Clarification Request: Why are template layout no longer being cloned?
preslavrachev opened this issue · 1 comments
Hi,
I was trying to adapt the template loading and embedding logic for my Echo-based project when I noticed this part here:
Line 211 in 2fde445
I expected to see lay.Clone() being called here, because the current solution attaches the embed func globally. This could be a potential security threat, if someone ends up rendering main.html by mistake.
Checking the history, I saw that there was a version that cloned the template, but it was replaced, because a cloned template cannot be executed multiple times. But if you are always only executing the copy, why would the original template get executed in the first place?
I would love to hear your thoughts.
The real reason of what was causing gofiber/fiber#818 is that Engine uses a *template.Template instance to store and lookup all templates. If you replace that single instance with a map[string]*template.Template and use the map for lookup, you won't have this issue anymore, and you should be able to bring template cloning back.