I've been using raw variables in my templates since before I can remember, but for the next revision of my game I'm going to give users the ability to create their own styles. This presents a potential security issue, as if I allow raw variable use one could simply walk into Mordor and grab everyone's passwords.
Do you think I should
- (a) disable variable use in templates and use string replacement on certain key words? e.g. instead of $userinfo[username] it would be {userinfo_username} or something along those lines
- or (b) allow only use of a variable inside a certain class? i.e. define a new class for publicly usable variables, $publicvariables, and escape a $ if it is not followed immediately by only that class name (allowing people to make references to dollar values)
- or (c) replace all instances of $something with $publicvariables->something (goes hand in hand with b kinda)
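
The first option in the post (keyword placeholders instead of raw variables), sketched as an added example that is not part of the original post. The function name, the placeholder names and the sample data are assumptions made for illustration.

```php
<?php
// Added illustration: user-authored styles may only use {name} placeholders,
// resolved against an explicit allowlist. The style text is never passed to
// eval() or double-quoted interpolation, so "$variables" in it are plain text.

/**
 * Render a user-supplied style.
 * $public maps placeholder name => value and is the only data a style can reach.
 * (Hypothetical helper, not from the original post.)
 */
function render_user_style(string $template, array $public): string
{
    $out = preg_replace_callback(
        '/\{([a-z][a-z0-9_]*)\}/',
        function (array $m) use ($public): string {
            $name = $m[1];
            if (!array_key_exists($name, $public)) {
                // Not on the allowlist: leave the literal text, resolve nothing.
                return $m[0];
            }
            // Escape the value so stored data (e.g. a username) cannot
            // inject markup into someone else's style.
            return htmlspecialchars((string) $public[$name], ENT_QUOTES, 'UTF-8');
        },
        $template
    );
    return $out ?? '';
}

// Constructed sample data: the full record holds a secret field.
$userinfo = ['username' => 'Frodo <b>', 'password' => 'constructed-secret', 'gold' => 120];

// Only these fields are exposed to style authors.
$public = [
    'userinfo_username' => $userinfo['username'],
    'userinfo_gold'     => $userinfo['gold'],
];

// Constructed user style (single-quoted, so PHP itself interpolates nothing).
// It tries an unlisted placeholder and a raw variable; both stay inert text,
// and the dollar amount needs no special escaping.
$style = '<p>{userinfo_username} has $5 and {userinfo_gold} gold. '
       . '{userinfo_password} $userinfo[password]</p>';

echo render_user_style($style, $public), "\n";
```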