mrml icon indicating copy to clipboard operation
mrml copied to clipboard
verified publisher icon jdrouet

load mj-include templates from http url with mrml-wasm

Open jdrouet opened this issue 2 years ago • 2 comments

jdrouet avatar Nov 30 '23 16:11 jdrouet

What is the state of our support for mj-include? Have we ironed out the potential security issues, WASM support and other considerations?

If so, I'd like to see what work is left and I can take it on.

If not, I'd like to work together to flesh out what decision points we have left

iJustErikk avatar Dec 30 '23 20:12 iJustErikk

👋 Hi Erik, thanks for this comment. If you look at the current implementation of loaders (here) you can configure the parser so that the loader only allows some domains or paths. This is a good security if you use it in nodejs for example. If you use it in the browser, you have the browser security that won't let you some cross domain requests, etc. Do you have a specific use case in mind?

jdrouet avatar Jan 03 '24 12:01 jdrouet