this post was submitted on 19 Oct 2024
95 points (100.0% liked)

Rust

6003 readers
4 users here now

Welcome to the Rust community! This is a place to discuss about the Rust programming language.

Wormhole

!performance@programming.dev

Credits

  • The icon is a modified version of the official rust logo (changing the colors to a gradient and black background)

founded 1 year ago
MODERATORS
 

Typst is a new markup-based typesetting system that is designed to be as powerful as LaTeX while being much easier to learn and use

Typst is awesome, in particular if you want to generate documents programmatically.

you are viewing a single comment's thread
view the rest of the comments
[–] Cpo@lemm.ee 1 points 1 week ago (4 children)

I am currently using it from a backend to generate pdfs.

One thing that prevents me from letting users build their own templates is the scripting capabilities. A joker creating an endless loop could block the whole server.

What would be nice is a "safe" mode in which no access to the file system (include and sorts) and limited runtime makes it safe to let users build their own templates.

[–] KillTheMule@programming.dev 1 points 1 week ago (1 children)

One thing that prevents me from letting users build their own templates is the scripting capabilities. A joker creating an endless loop could block the whole server.

I know little about servers, but can't you run the generation in a thread with a timeout or so? Or maybe compile to wasm and let the generation run on the users machines? I also know little about wasm, but I'd have guessed it has facilities to keep runtime and load under control.

What would be nice is a “safe” mode in which no access to the file system (include and sorts) and limited runtime makes it safe to let users build their own templates.

Ah, are you by chance shelling out to the typst binary? You can actually use typst as a library, and then you've got full control over the files involved, so it's "safe" in that respect.

[–] Cpo@lemm.ee 1 points 1 week ago (1 children)

DUDE!

You are the man!

I did know it was built in rust but never realized I could also use it as a library!

🎉

[–] KillTheMule@programming.dev 1 points 1 week ago (1 children)

Yeah I was very happy to find that out. I was calling latex externally before, and there was a lot of pain interacting with the filesystem and temporary files. Now it all happens in-memory :)

[–] Cpo@lemm.ee 1 points 1 week ago

Exactly the same. Kicking of the binary now, but library could solve a lot of the security issues I was worried about.

load more comments (2 replies)