asp.net-mvc viewengine

Choosing the MVC view engine


I want to allow the end-users of my web application to modify views (via a web-based back office), stored in the database. The desired view engine is expected to be code-injection safe, meaning that the end-user will be limited to the absolute minimum number of expressions available; no server code inserts are allowed.

Is any suitable view engine available to download?


Solution

  • I don't know of any existing engine, but Phil Haack has a post on storing views in a database: http://haacked.com/archive/2009/04/22/scripted-db-views.aspx

    That post deals with the idea of user-created views. If you want to protect against XSS-style code injection attacks, you can sanitize your HTML.
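
An added illustration of the "absolute minimum number of expressions" requirement from the question (example code written for this page, not from the answer or from Phil Haack's post): a renderer that treats the stored view as inert text and substitutes only allowlisted placeholders. The `SafeTemplate` class and the `{{name}}` syntax are assumptions made for the example.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Text.RegularExpressions;

// Hypothetical logic-less renderer (SafeTemplate and the {{name}} syntax are
// assumptions for this example). A stored view is inert text: the only
// expression it may contain is {{name}}, and name must be a key of the model.
public static class SafeTemplate
{
    private static readonly Regex Placeholder =
        new Regex(@"\{\{\s*([A-Za-z_][A-Za-z0-9_]*)\s*\}\}", RegexOptions.Compiled);

    // Run when a user saves a view and again before rendering.
    public static void Validate(string template, ICollection<string> allowed)
    {
        foreach (Match m in Placeholder.Matches(template))
            if (!allowed.Contains(m.Groups[1].Value))
                throw new FormatException("Unknown placeholder: " + m.Groups[1].Value);

        // Anything brace-like that is not a plain placeholder (for example
        // {{Order.Total()}}) is rejected instead of being passed through.
        string rest = Placeholder.Replace(template, "");
        if (rest.Contains("{{") || rest.Contains("}}"))
            throw new FormatException("Malformed or unsupported expression");
    }

    public static string Render(string template, IDictionary<string, string> model)
    {
        Validate(template, model.Keys);
        // Model values are HTML-encoded on output, so data cannot add markup.
        // The template's own markup is emitted as written and still needs
        // HTML sanitizing when it is saved.
        return Placeholder.Replace(template,
            m => WebUtility.HtmlEncode(model[m.Groups[1].Value]));
    }

    public static void Main()
    {
        // Constructed sample input.
        var model = new Dictionary<string, string> { { "UserName", "<b>Ann</b>" } };
        Console.WriteLine(Render("<p>Hello, {{ UserName }}!</p>", model));
        foreach (var bad in new[] { "<p>{{Secret}}</p>", "<p>{{Order.Total()}}</p>" })
        {
            try { Render(bad, model); }
            catch (FormatException e) { Console.WriteLine("Rejected: " + e.Message); }
        }
    }
}
```

Because the stored text is never handed to a compiling view engine, server-side constructs in it are never executed; the remaining exposure is the HTML the user writes into the template itself, which is where the sanitizing mentioned in the answer applies.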