You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@velocity.apache.org by Lennart Benoot <le...@assutech.be> on 2003/12/02 17:51:10 UTC

Set output type in Velocity

Hey All,

I use Velocity to generate XML representing an Order. I put the Order in 
the velocity context and different attributes of this object are put in 
the the template. Some of these attributes might contain characters that 
should be escaped in XML such as : &  < etc. The best way to solve this  
would be setting an output format in velocity: While parsing the 
template, the filled in attributes are escaped by Velocity. Is this 
possibe? And, if  yes, how to i make Velocity  do this?

Regards,
Lennart


---------------------------------------------------------------------
To unsubscribe, e-mail: velocity-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: velocity-user-help@jakarta.apache.org

RE: Set output type in Velocity

Posted by "mr.x" <mr...@tele2.ch>.

Hi Lebbart

I do have the same problem when outputting html. I want to output escaped
html code. So if the user enters < or > or something else, the charaters
must be escaped (to prevent cross-site script attacks and other)

I'm currently calling a class (stored in context) which has a static method
(public static String escape(String textToTreat)) and use this class for
each output in the velocity template:

(In my Servlet:)
ctx.put("text", new HtmlTreater());
 
(in my Template:)
$text.escape($somethingToOutput)

I can send you the HtmlTreater code if u are interessed

Regards
Rolf

-----Original Message-----
From: Lennart Benoot [mailto:lennart.benoot@assutech.be] 
Sent: Dienstag, 2. Dezember 2003 17:51
To: velocity-user@jakarta.apache.org
Subject: Set output type in Velocity


Hey All,

I use Velocity to generate XML representing an Order. I put the Order in 
the velocity context and different attributes of this object are put in 
the the template. Some of these attributes might contain characters that 
should be escaped in XML such as : &  < etc. The best way to solve this  
would be setting an output format in velocity: While parsing the 
template, the filled in attributes are escaped by Velocity. Is this 
possibe? And, if  yes, how to i make Velocity  do this?

Regards,
Lennart


---------------------------------------------------------------------
To unsubscribe, e-mail: velocity-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: velocity-user-help@jakarta.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: velocity-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: velocity-user-help@jakarta.apache.org