Is Smarty-PHP template engine secure for generating static websites?

So, assuming that:

  • Your pages do not receive any kind of user input and templates do not use neither request parameters, nor headers
  • Your templates are being populated by content found on the server’s filesystem
  • The content is put there by SFTP
  • In this question you don’t care about attack vectors outside of the template engine itself (because there are other attack vectors, e.g. through SFTP or shared filesystem with malicious users)

and given that a template engine results in html, then the answer is that no, your setup is not less secure than plain html pages.

Leave a Reply

Your email address will not be published. Required fields are marked *