How dangerous is it to let users specify RazorEngine templates?

Question

I have mail-merge like functionality, which takes a template, some business object, and produces html which is then made into PDF.

I\'m using RazorEngine to do the t

Answer 1

I believe that having removed using statements and replacing any @System.[...] like System.IO.File.Delete(filepath) using regex can reduce a fair amount of possible security holes.

Keep in mind that the Template runs inside a context and can access only what is available in it but that includes also .NET Framework assemblies.