Securing Untrusted Templates #810
Unanswered
PhasecoreX
asked this question in Q&A
Replies: 1 comment
I'd like to use MiniJinja to process user-provided (untrusted) templates. I was wondering if this is a bad idea, or what steps I should take to secure this as much as possible so that it's a good idea. The templates will be rendered with `render_str()` on demand; no templates loaded from files or being imported. The user provides a template string, and I render them with a preset context. I don't want them to be able to craft a malicious template and be able to extract unauthorized data. So, any information or insights on any of this would be greatly appreciated!

What I've Done So Far

Since these are going to be simple string templates with no imports allowed, I've removed the `macros` and `multi_template` features:

I've also added the `fuel` feature to prevent long processing, and I've removed all global functions (`debug`, `dict`, `namespace`, and `range`). As far as I can tell, all of the filters are okay to keep, and I don't think it's possible to manually disable tags.

Why

I'm trying to switch from Liquid over to MiniJinja since MiniJinja seems easier to extend and has the fuel feature. With Liquid, I had full control over what blocks (tags) and filters were present in the parser, which should protect against untrusted templates. However, I had to remove pretty much all tags (like the `for` tag) in order to prevent long-running templates. I like the idea of a fuel system instead. The other option was to switch to Tera, however it has a `get_env` function by default which is not good for untrusted templates and makes me worry what other capabilities it has. As far as I can tell, MiniJinja doesn't have anything that reads from the disk/environment variables (besides import, which I disabled). I just need a very simple and safe template engine.

Thank you for any help!

Comment:

It should be pretty safe with the fuel feature. If there is place for further hardening I'm happy to look into it. Removing tags makes the system too restrictive to be useful IMO.