Design a secure templating engine for user notifications
Tests balancing creator flexibility with defense-in-depth security and i18n. Strong answers cover context-aware auto-escaping, a restricted AST grammar, ICU MessageFormat for pluralization, and sandboxed execution.
Tests whether you can design a domain-specific language that empowers non-engineers without opening security holes. A great answer walks through four layers: parsing untrusted templates into an immutable AST with a whitelist of nodes, applying context-aware escaping based on the output channel like email versus push, leveraging ICU MessageFormat or CLDR for grammatically correct pluralization and gender across locales, and executing in a sandbox with resource limits.
Read the original → Wikipedia: Template processor
- #templating
- #security
- #i18n
- #system-design
- #dsl
Get five bites like this every day.
Tezvyn delivers a daily feed of 60-second tech bites with quizzes to lock in what you learn.