More than an advertisement, this is a request for feedback.
A modular cache has been implemented in Neutral TS that also allows parts of the cache to be excluded.
The issue is that, in addition to complexity, it is something that can affect security. By default Neutral TS does not evaluate the values of the variables, but with the cache it is possible that this happens; then only the “!cache” part is evaluated and all the variables are escaped. In security matters, the more eyes... the better...
Any comments on the operation of the cache, or on security would be greatly appreciated.
This feature is in beta phase and I have created a repository with a small example that can be run in the terminal, without the need of a server:
I copy and paste here the README:
Template engine with cache and !cache - Neutral TS
Example of the Neutral TS cache in the terminal.
Download, navigate to the neutral-cache-test directory and:
cargo run
Arbitrary key/value arguments can be set:
cargo run -- --argname argvalue
cargo run -- --argname "arg value"
There is an argument (inject) designed to try to inject code:
cargo run -- --inject "{:include; /path/to/secrets :}"
inject has the default value {:exit; 403 :}, what happens if the injection succeeds can be tested with:
cargo run -- --exit 403
The directory of the disk cache will be the temporary directory of the system; it can be changed in main.rs, where it is indicated.
Cache
The cache is modular, allowing only parts of the template to be included in the cache:
<!DOCTYPE html>
<html>
<head>
<title>Cache</title>
</head>
<body>
{:cache; /120/ >>
<div>{:code; ... :}</div>
:}
<div>{:date; %H:%M:%S :}</div>
{:cache; /120/ >>
<div>{:code; ... :}</div>
:}
</body>
</html>
Or exclude parts from the cache; the previous example would be much better like this:
{:cache; /120/ >>
<!DOCTYPE html>
<html>
<head>
<title>Cache</title>
</head>
<body>
{:!cache;
{:date; %H:%M:%S :}
:}
</body>
</html>
:}
Overview of cache syntax
{:cache; /expires/addtoid/only_custom_id/ >> ... :}
{:cache; /expires/addtoid/ >> ... :}
{:cache; /expires/ >> ... :}
{:!cache; ... :}
- expires: Seconds of life in the cache
- addtoid: Add a literal to the cache ID
- only_custom_id: Use only the ID passed as ID
The only mandatory parameter is expires, the cache automatically generates an ID with context data, such as language, cookies, ... and code.
Example
The example template is in the neutral-cache-test/tpl directory with the name index.ntpl, you can modify it as much as you want.
Edit:
I have not said that Neutral TS was originally written in PHP, with this and other features working without problems for years. The problems can come when rewriting the code in Rust.
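The concern raised in the post (a cached page is parsed again for its !cache blocks, so variable values must be escaped before they are stored) can be shown with a toy two-pass model. This is an added example, not code from Neutral TS or its repository. The `$inject` placeholder, the entity-encoding in `escape` and all function names are assumptions made for illustration.

```rust
// Added toy model, not Neutral TS code. `$inject` is a hypothetical placeholder.
const OPEN: &str = "{:!cache;";
// Constructed sample: the text inside a {:cache; ... :} block.
const TEMPLATE: &str = "<p>$inject</p>{:!cache; {:date; %H:%M:%S :} :}";
// Constructed untrusted value, built from the README's default payload.
const ATTACK: &str = "{:!cache; {:exit; 403 :} :}";

/// Neutralise block delimiters so a later pass cannot parse the value.
fn escape(value: &str) -> String {
    value.replace("{:", "&#123;:").replace(":}", ":&#125;")
}

/// Pass 1 (cache miss): substitute the variable; the result is what gets stored.
fn render_to_cache(template: &str, value: &str, escape_vars: bool) -> String {
    let v = if escape_vars { escape(value) } else { value.to_string() };
    template.replace("$inject", &v)
}

/// Offset just past the `:}` closing a block whose body is `s`, honouring nesting.
fn block_end(s: &str) -> Option<usize> {
    let (mut depth, mut i) = (1usize, 0usize);
    while i + 1 < s.len() {
        match &s.as_bytes()[i..i + 2] {
            b"{:" => { depth += 1; i += 2; }
            b":}" => { depth -= 1; i += 2; if depth == 0 { return Some(i); } }
            _ => i += 1,
        }
    }
    None
}

/// Pass 2 (cache hit): return the bodies of every `{:!cache; ... :}` block
/// found in the stored text, i.e. everything that would be evaluated again.
fn render_from_cache(cached: &str) -> Vec<String> {
    let mut evaluated = Vec::new();
    let mut rest = cached;
    while let Some(start) = rest.find(OPEN) {
        let body = &rest[start + OPEN.len()..];
        let Some(end) = block_end(body) else { break };
        evaluated.push(body[..end - 2].trim().to_string());
        rest = &body[end..];
    }
    evaluated
}

fn main() {
    for escape_vars in [false, true] {
        let cached = render_to_cache(TEMPLATE, ATTACK, escape_vars);
        println!("escape={escape_vars}: {:?}", render_from_cache(&cached));
    }
}
```

Without escaping, the second pass sees two blocks, one of which came from the variable; with escaping, only the template's own block remains.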