this post was submitted on 19 Oct 2024
95 points (100.0% liked)
Rust
6003 readers
4 users here now
Welcome to the Rust community! This is a place to discuss about the Rust programming language.
Wormhole
Credits
- The icon is a modified version of the official rust logo (changing the colors to a gradient and black background)
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I am currently using it from a backend to generate pdfs.
One thing that prevents me from letting users build their own templates is the scripting capabilities. A joker creating an endless loop could block the whole server.
What would be nice is a "safe" mode in which no access to the file system (include and sorts) and limited runtime makes it safe to let users build their own templates.
I know little about servers, but can't you run the generation in a thread with a timeout or so? Or maybe compile to wasm and let the generation run on the users machines? I also know little about wasm, but I'd have guessed it has facilities to keep runtime and load under control.
Ah, are you by chance shelling out to the typst binary? You can actually use typst as a library, and then you've got full control over the files involved, so it's "safe" in that respect.
DUDE!
You are the man!
I did know it was built in rust but never realized I could also use it as a library!
🎉
Yeah I was very happy to find that out. I was calling latex externally before, and there was a lot of pain interacting with the filesystem and temporary files. Now it all happens in-memory :)
Exactly the same. Kicking of the binary now, but library could solve a lot of the security issues I was worried about.