You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@velocity.apache.org by Lennart Benoot <le...@assutech.be> on 2003/12/02 17:51:10 UTC
Set output type in Velocity
Hey All,
I use Velocity to generate XML representing an Order. I put the Order in
the velocity context and different attributes of this object are put in
the the template. Some of these attributes might contain characters that
should be escaped in XML such as : & < etc. The best way to solve this
would be setting an output format in velocity: While parsing the
template, the filled in attributes are escaped by Velocity. Is this
possibe? And, if yes, how to i make Velocity do this?
Regards,
Lennart
---------------------------------------------------------------------
To unsubscribe, e-mail: velocity-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: velocity-user-help@jakarta.apache.org
RE: Set output type in Velocity
Posted by "mr.x" <mr...@tele2.ch>.
Hi Lebbart
I do have the same problem when outputting html. I want to output escaped
html code. So if the user enters < or > or something else, the charaters
must be escaped (to prevent cross-site script attacks and other)
I'm currently calling a class (stored in context) which has a static method
(public static String escape(String textToTreat)) and use this class for
each output in the velocity template:
(In my Servlet:)
ctx.put("text", new HtmlTreater());
(in my Template:)
$text.escape($somethingToOutput)
I can send you the HtmlTreater code if u are interessed
Regards
Rolf
-----Original Message-----
From: Lennart Benoot [mailto:lennart.benoot@assutech.be]
Sent: Dienstag, 2. Dezember 2003 17:51
To: velocity-user@jakarta.apache.org
Subject: Set output type in Velocity
Hey All,
I use Velocity to generate XML representing an Order. I put the Order in
the velocity context and different attributes of this object are put in
the the template. Some of these attributes might contain characters that
should be escaped in XML such as : & < etc. The best way to solve this
would be setting an output format in velocity: While parsing the
template, the filled in attributes are escaped by Velocity. Is this
possibe? And, if yes, how to i make Velocity do this?
Regards,
Lennart
---------------------------------------------------------------------
To unsubscribe, e-mail: velocity-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: velocity-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: velocity-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: velocity-user-help@jakarta.apache.org