Template engines allow developers to use static template files in applications, keeping the presentation independent of the backend layer. At runtime, the template engine replaces the placeholders in the template with actual values and generates the HTML that is presented to the client. This model is useful for designing HTML sites.
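For example, you set Pug as the view engine and define a template, index.pug, like this:

```javascript
app.set('view engine', 'pug')
```

```pug
html
  head
    title= title
  body
    h1= message
```

A route then renders the template, passing the values to substitute:

```javascript
app.get('/', function (req, res) {
  // 'index' resolves to index.pug; title and message fill the placeholders
  res.render('index', { title: 'Hey', message: 'Hello there!' })
})
```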
When a user requests the page, the template engine processes this file, parses the information provided by the user, and creates the HTML code that is displayed to the user.
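To make the substitution step concrete, the following is an added example, not code from the original chapter and not how the pug package is implemented: a minimal JavaScript renderer for only the template syntax shown above. The names escapeHtml, render, indexTemplate, page and hostile are assumptions made for the illustration, and the second input is constructed.

```javascript
// Minimal renderer for the subset of Pug used above: one tag per line,
// nesting by two-space indentation, and `tag= name` for escaped output.
// Illustration only (assumed names); not the real pug implementation.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Escape the characters that are significant in HTML text.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);
}

function render(template, locals) {
  const open = [];   // stack of { tag, depth } still waiting for a close tag
  let html = '';
  const closeTo = (depth) => {
    while (open.length && open[open.length - 1].depth >= depth) {
      html += `</${open.pop().tag}>`;
    }
  };
  for (const line of template.split('\n')) {
    if (!line.trim()) continue;
    const m = /^( *)([a-z][a-z0-9]*)(?:= *([A-Za-z_]\w*))?$/.exec(line);
    if (!m) throw new SyntaxError(`unsupported line: ${line}`);
    const [, indent, tag, name] = m;
    closeTo(indent.length / 2);
    html += `<${tag}>`;
    if (name !== undefined) {
      // The value is looked up by name and escaped; it is never evaluated.
      const own = Object.prototype.hasOwnProperty.call(locals, name);
      html += escapeHtml(own ? locals[name] : '');
    }
    open.push({ tag, depth: indent.length / 2 });
  }
  closeTo(0);
  return html;
}

// The template and values from the page.
const indexTemplate = 'html\n  head\n    title= title\n  body\n    h1= message';
const page = render(indexTemplate, { title: 'Hey', message: 'Hello there!' });

// Constructed input: a value that contains markup stays inert text.
const hostile = render(indexTemplate, { title: 'Hey', message: '<b>hi</b>' });

console.log(page);
console.log(hostile);
```

The template stays fixed while the values change per request, which is why the second output carries the markup as escaped text rather than as an element.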
In this chapter, we'll cover the following topics:
- Detection
- Exploitation
- Mitigation