]
Jan 29

In general, the temptation to bring the templating language close to the programming domain is high. It creates a possibility to do all things which the programming language can do as well, often powerfull and most of the time dangerous.

In BL there is some PHP syntax hidden in the tags (for example the evaluation of conditions in if and while constructs).

Here’s a good example why the domain of the blocklayout templating system and the programming language in which it was implemented should be separated.

Because the domain of blocklayout and PHP are so tight together now, this is just one example of what can happen.

Bug 107 - <xar:set> allows PHP to be executed

comments powered by Disqus