Important: This document may not represent best practices for current development, and links to downloads and other resources may no longer be valid. Current recommended version can be found here.
Security of Text Templates
Text templates have the following security concerns:
Text templates are vulnerable to arbitrary code insertions.
If the mechanism that the host uses to find a directive processor is not secure, a malicious directive processor could be run.
The text template transformation process takes a text template file as the input, and then produces a new text file as the output. The engine component controls the process. It interacts with a text template transformation host and one or more text template directive processors to complete the process. For more information, see Architecture of the Text Template Transformation Process.
If the mechanism that the host uses to find a directive processor is not secure, a malicious directive processor could be run. The malicious directive processor could provide code that is run in FullTrust mode when the template is run. If you create a custom text template transformation host, you must use a secure mechanism, such as the registry, to locate directive processors.
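One way a custom host could locate directive processors through the registry, as an added example that is not code from the original page or from the product. The class name `DirectiveProcessorLocator`, the registry key path, and the `Class` and `CodeBase` value names are assumptions chosen for illustration. A host would call `Resolve` from its `ITextTemplatingEngineHost.ResolveDirectiveProcessor` implementation.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Reflection;
using Microsoft.VisualStudio.TextTemplating; // DirectiveProcessor base class
using Microsoft.Win32;

public static class DirectiveProcessorLocator
{
    // Assumption: placeholder key chosen by the host author. It lives under HKLM,
    // which standard users cannot write to by default.
    private const string RootKey = @"SOFTWARE\ExampleCompany\ExampleHost\DirectiveProcessors";

    public static Type Resolve(string processorName)
    {
        // The name comes from the template text. Accept simple identifiers only,
        // so it cannot address another key or carry a file path.
        if (string.IsNullOrEmpty(processorName) ||
            !processorName.All(c => char.IsLetterOrDigit(c) || c == '_'))
            throw new ArgumentException("Invalid directive processor name.", nameof(processorName));

        using (RegistryKey key = Registry.LocalMachine.OpenSubKey(RootKey + "\\" + processorName))
        {
            if (key == null)
                throw new InvalidOperationException("Directive processor is not registered: " + processorName);

            // Assumption: each registration holds two string values, Class and CodeBase.
            string className = key.GetValue("Class") as string;
            string codeBase = key.GetValue("CodeBase") as string;
            if (string.IsNullOrEmpty(className) || string.IsNullOrEmpty(codeBase))
                throw new InvalidOperationException("Registration is incomplete: " + processorName);

            // Fail closed unless the path is already absolute and normalized,
            // is not a network share, and exists on disk.
            string fullPath = Path.GetFullPath(codeBase);
            if (!string.Equals(fullPath, codeBase, StringComparison.OrdinalIgnoreCase) ||
                fullPath.StartsWith(@"\\", StringComparison.Ordinal) ||
                !File.Exists(fullPath))
                throw new InvalidOperationException("CodeBase must be an absolute local path: " + codeBase);

            // Load only the registered assembly and confirm the type really is a directive processor.
            Type type = Assembly.LoadFrom(fullPath).GetType(className, true);
            if (!typeof(DirectiveProcessor).IsAssignableFrom(type))
                throw new InvalidOperationException(className + " does not derive from DirectiveProcessor.");
            return type;
        }
    }
}
```

The lookup never searches the template's folder, the current directory, or any path the template itself supplies, so a template cannot cause the host to load an assembly that an administrator did not register.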