You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@velocity.apache.org by "Byron Foster (JIRA)" <de...@velocity.apache.org> on 2009/02/27 22:55:12 UTC
[jira] Commented: (VELOCITY-705) Dynamic VTL reference modification
directive
[ https://issues.apache.org/jira/browse/VELOCITY-705?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12677552#action_12677552 ]
Byron Foster commented on VELOCITY-705:
---------------------------------------
There is the notion of the Context event handler which is a little more dynamic, but unfortunately it is terribly inefficient.
In the 2.0exp branch I added a simple interface for writers just for this type of thing. the interface add a writeReference(String str) method. If the writer passed to Velocity implements this interface then it calls this method to write references instead of write(String). This provided the ability to intercept reference rendering at the writer level.
I implemented a directive called #escape that provides much of the functionality you describe and takes advantage of the above writer interface. you call it like #escape(xml) ... #end. The escaping behavior operates in a stack of course so you can do this type of thing:
#escape(xml)
...
#escape(url)
....
#end
#escape(none)
....
#end
...
#end
In reality I do web stuff, so escaping xml is on by default. Anyway, i was going to submit it once I had test driven it for a while, and liked how it worked. 2.0 may not work for you :), but you're welcome to take a look. Making it work for 1.7 wouldn't be a big deal. I was thinking of also implementing the ability to take a Map as a parameter which maps chars to escape sequences. so you could call it like #escape($myesc) where $myesc contains the map.
> Dynamic VTL reference modification directive
> --------------------------------------------
>
> Key: VELOCITY-705
> URL: https://issues.apache.org/jira/browse/VELOCITY-705
> Project: Velocity
> Issue Type: New Feature
> Components: Engine
> Reporter: Jarkko Viinamäki
>
> Currently EventHandlers are defined in velocity.properties like:
> eventhandler.referenceinsertion.class =
> The problem is that AFAIK this handler is active in every reference evaluation (and every template). I propose a dynamic setting that can be chained and turned on and off during template rendering.
> Syntax might be something like:
> #filter($myReferenceModifier)
> any VTL here ($foo type references are modified using the class referred by $myReferenceModifier)
> #end
> The basic idea is that you put some classes that implement e.g. ReferenceInsertionEventHandler interface to the Context and then you can use those to filter/modify some selected parts of the template. #filter directive should allow nesting (one #filter directive contain another #filter directive).
> It's probably also necessary to disable filtering for selected elements inside the filter block.
> It might be also useful to be able to limit the amount of reference names that are passed to the filter. Like:
> #filter($myReferenceModifier ['a', 'foo', 'html'])
> ----
> Use Case for this feature is that often you need to escape form values and other elements to avoid XSS attacks etc. Escaping all references in all templates seems like an overkill (and isn't very performance friendly either). This feature would allow you to do escaping dynamically only for selected elements.
> What do you think?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@velocity.apache.org
For additional commands, e-mail: dev-help@velocity.apache.org