By applying /templatealias or ?alttemplate=templatealias to the url you can display you content in an...well, alternative way than to what you have defined as the standard, which can be really usefull when you need to display your content differently than normal.
Why would you want it to be limited to the defined templates on the document type? The website visitors don't have any chance to know how to see the content with the alternative templates so I can't see what "dangers"/risks there are with this? :-) What are your thoughts?
I agree there aren't any major risks, apart from content being displayed in an ugly way should a user apply a template he shouldn't do!
For what its worth, this was the situation i was in:
I have some 'secure' content that i want to make available via rss. I can't put a login in rss (can i?!) so my idea was to create a 'public' version of the page with its own 'rss' template that only returned a headline of the information in rss format. So the user clicks through to the site, logs in and reads the news if he wants to. The 'hole' is if the user changes the template to one that displays more information then they can get that information without logging in.
I got round this by changing the content of the public content page, that only makes non-secure information available regardless of template applied. In other words i should have designed the site better in the first place :)
Allowed templates and /template shortcut
I was surprised that i can apply *any* template by appending /templatealias to the url of a page.
Should this not be limited to the templates specified as allowed templates?
Hi Paul
By applying /templatealias or ?alttemplate=templatealias to the url you can display you content in an...well, alternative way than to what you have defined as the standard, which can be really usefull when you need to display your content differently than normal.
Why would you want it to be limited to the defined templates on the document type? The website visitors don't have any chance to know how to see the content with the alternative templates so I can't see what "dangers"/risks there are with this? :-) What are your thoughts?
/Jan
Hi Jan
I agree there aren't any major risks, apart from content being displayed in an ugly way should a user apply a template he shouldn't do!
For what its worth, this was the situation i was in:
I have some 'secure' content that i want to make available via rss. I can't put a login in rss (can i?!) so my idea was to create a 'public' version of the page with its own 'rss' template that only returned a headline of the information in rss format. So the user clicks through to the site, logs in and reads the news if he wants to. The 'hole' is if the user changes the template to one that displays more information then they can get that information without logging in.
I got round this by changing the content of the public content page, that only makes non-secure information available regardless of template applied. In other words i should have designed the site better in the first place :)
Cheers
Paul
is working on a reply...