On Sep 29, 2005, at 3:13 PM, Ludovic Dubost wrote:
> The problem is that since skins can be done as XWiki pages, you
> might not control what goes in vm files..
I still don't see the problem - probably just because I'm not as
familiar with the system as you are :)
Say I use the renderText() method to run some groovy, and someone
creates a skin that overrides my vm file, they still aren't executing
anything other than what I enabled in my vm file - in fact they are
explicitly choosing to not execute my groovy code unless they include
it somehow.
Or are you saying that to allow groovy scripts in general in vm
files would be a security risk because then any skin could include a
groovy script in them? If that's the case, isn't this just a matter
of adding the programming rights check to the vm files in the skin?
Having the ability to use a scripting language in the vm files is
great for allowing me to quickly prototype stuff, or for others to
customize xwiki behavior without having to go through the overhead of
creating a plugin - but only if it can be done without creating a
security risk.
Matt