Skip to content

Commit

Permalink
Config freemarker with safer resolver
Browse files Browse the repository at this point in the history
  • Loading branch information
@JohnNiang
JohnNiang committed Dec 12, 2019
1 parent 568e487 commit dc3a73e
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions src/main/java/run/halo/app/config/WebMvcAutoConfiguration.java
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
package run.halo.app.config;

import com.fasterxml.jackson.databind.ObjectMapper;
import freemarker.core.TemplateClassResolver;
import freemarker.template.TemplateException;
import freemarker.template.TemplateExceptionHandler;
import lombok.extern.slf4j.Slf4j;
Expand Down Expand Up @@ -131,6 +132,9 @@ public FreeMarkerConfigurer freemarkerConfig(HaloProperties haloProperties) thro

// Predefine configuration
freemarker.template.Configuration configuration = configurer.createConfiguration();

configuration.setNewBuiltinClassResolver(TemplateClassResolver.SAFER_RESOLVER);

if (haloProperties.isProductionEnv()) {
configuration.setTemplateExceptionHandler(TemplateExceptionHandler.RETHROW_HANDLER);
}
Expand Down

1 comment on commit dc3a73e

@JohnNiang
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Close #419

Please sign in to comment.