Revision as of 11:40, 12 September 2016

Since Louis factored out all HTML from qanda and added a configuration file to the templates, it's a small task to add a template engine, replace the PHP views with e.g. Twig templates.

Use-case

Template providers don't have to worry about core changes in the question view files
Template providers can apply any CSS framework specific HTML they want, like Foundation

Requirements

Must have

Template files in template zip packages can override question view files
Template zip package can upload template files in template editor

Should have

Possible to edit Twig/Mustache templates in template editor

Could have

?

Comparison between Twig and Mustache

Function	Twig	Mustache
Echo variable	{{var}}	{{var}}
Echo field in variable	{{var.field}}, {{var['field']}}	{{#var}} {{field}} {{/var}}
Loop variable	{% for user in users %} ... {% endfor %}	{{#users}} ... {{/users}}
Branch on boolean	{% if trueOrFalse %} ... {% endif %}	{{#trueOfFalse}} ... {{/trueOrFalse}}
Translate		Bind eT to lambda and then {{#eT}} "String to translate"" {{/eT}}
Sandbox	Yes	Not needed

Security

Longer article about template injection: http://blog.portswigger.net/2015/08/server-side-template-injection.html

The lowest risk approach is to simply use a trivial template engine such as Mustache

@@ Line 28: / Line 28: @@
 | Echo variable || <nowiki>{{var}}</nowiki> || <nowiki>{{var}}</nowiki>
 |-
-| Echo field in variable || <nowiki>{{var.field}}</nowiki> || <nowiki>{{#var}} {{field}} {{/var}}</nowiki>
+| Echo field in variable || <nowiki>{{var.field}}</nowiki>, <nowiki>{{var['field']}}</nowiki> || <nowiki>{{#var}} {{field}} {{/var}}</nowiki>
 |-
 | Loop variable || {% for user in users %}  ... {% endfor %} || {{#users}} ... <nowiki>{{/users}}</nowiki>

Template engine: Difference between revisions

From LimeSurvey Manual

Revision as of 11:40, 12 September 2016

Contents

Use-case

Requirements

Must have

Should have

Could have

Comparison between Twig and Mustache

Security