Security of Text Templates
Text templates have the following security concerns:
Text templates are vulnerable to arbitrary code insertions.
If the mechanism that the host uses to find a directive processor is not secure, a malicious directive processor could be run.
Arbitrary Code
When you write a template, you can put any code within the <# #> tags. This allows arbitrary code to be executed from within a text template.
Be sure you obtain templates from trusted sources. Also, be sure to warn end users not to execute templates that come from non-trusted sources.
Malicious Directive Processor
The text template transformation process takes a text template file as the input, and then produces a new text file as the output. The engine component controls the process. It interacts with a text template transformation host and one or more text template directive processors to complete the process. For more information, see Architecture of the Text Template Transformation Process.
If the mechanism that the host uses to find a directive processor is not secure, a malicious directive processor could be run. The malicious directive processor could provide code that is run in FullTrust mode when the template is run. If you create a custom text template transformation host, you must use a secure mechanism, such as the registry, to locate directive processors.