You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@velocity.apache.org by Ed Yu <ek...@asgnet.psc.sc.edu> on 2002/07/15 15:43:39 UTC
HTML escape sequence filtering (is there a tool for that?)
I'm looking into JSP migration to Velocity. There is one feature that
the <bean:write ... filter="true"> tag offer, the ability to filer
special html characters (<, >, &, etc...). Currently is there a "tool"
to perform such filtering?
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Ed Yu, IBM Certified Specialist - AIX System Administrator
Information Technology Manager,
University of South Carolina,
Advanced Solutions Group, Physics Dept.,
Columbia, SC 29208
Office (803)777-8831, FAX (803)777-8833, Email ekyu@asgnet.psc.sc.edu
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: HTML escape sequence filtering (is there a tool for that?)
Posted by Gabriel Sidler <si...@teamup.ch>.
Ed Yu wrote:
> I'm looking into JSP migration to Velocity. There is one feature that
> the <bean:write ... filter="true"> tag offer, the ability to filer
> special html characters (<, >, &, etc...). Currently is there a "tool"
> to perform such filtering?
The LinkTool of VelocityStruts supports URL encoding of query parameters.
See http://www.teamup.com/jakarta-velocity-tools/struts/docs/LinkTool.html
But that's probably not exactly what you are looking for...
Gabriel
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Ed Yu, IBM Certified Specialist - AIX System Administrator
> Information Technology Manager,
> University of South Carolina,
> Advanced Solutions Group, Physics Dept.,
> Columbia, SC 29208
> Office (803)777-8831, FAX (803)777-8833, Email ekyu@asgnet.psc.sc.edu
>
>
> --
> To unsubscribe, e-mail: <ma...@jakarta.apache.org>
> For additional commands, e-mail: <ma...@jakarta.apache.org>
>
> .
>
>
--
--
Gabriel Sidler
Software Engineer, Eivycom GmbH, Zurich, Switzerland
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: HTML escape sequence filtering (is there a tool for that?)
Posted by "Geir Magnusson Jr." <ge...@adeptra.com>.
On 7/15/02 3:30 PM, "Geir Magnusson Jr." <ge...@adeptra.com> wrote:
> On 7/15/02 1:38 PM, "Jon Scott Stevens" <jo...@latchkey.com> wrote:
>
>> on 7/15/02 6:43 AM, "Ed Yu" <ek...@asgnet.psc.sc.edu> wrote:
>>
>>> I'm looking into JSP migration to Velocity. There is one feature that
>>> the <bean:write ... filter="true"> tag offer, the ability to filer
>>> special html characters (<, >, &, etc...). Currently is there a "tool"
>>> to perform such filtering?
>>
>> Even better than Geir's suggestion (which is terribly not MVC
>
> I'll beg to differ. I think that this is just fine MVC as this is a view
> issue - if the data is to be XML encoded vs URL encoded vs translated to
> spanish vs translated to Klingon vs... That, to me, is a view thing.
> Otherwise you have to teach your model about presentation.
>
Just to be clear - re-reading this, in the case of language, I am unsure
about if the translation should be here or elsehwere - it probably belongs
elsehwere, as that's data.
However, I still think that this kind of view-specific encoding (the XML) is
just fine here....
>> and prone to
>> mistakes...what if you forget to filter some user supplied data? You then
>> have a cross site scripting hole)
>
> This I agree with 100% :)
>
>> ...is to write a ReferenceInsertionFilter
>> to do what you want...
>>
>> <http://scarab.tigris.org/source/browse/scarab/src/java/org/tigris/scarab/ut
>> il/ReferenceInsertionFilter.java?rev=1.11&content-type=text/x-cvsweb-markup>
>>
>
> And yes, for the non-lazy that want to do it right, this is great.
--
Geir Magnusson Jr.
Research & Development, Adeptra Inc.
geirm@adeptra.com
+1-203-247-1713
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: HTML escape sequence filtering (is there a tool for that?)
Posted by "Geir Magnusson Jr." <ge...@adeptra.com>.
On 7/15/02 1:38 PM, "Jon Scott Stevens" <jo...@latchkey.com> wrote:
> on 7/15/02 6:43 AM, "Ed Yu" <ek...@asgnet.psc.sc.edu> wrote:
>
>> I'm looking into JSP migration to Velocity. There is one feature that
>> the <bean:write ... filter="true"> tag offer, the ability to filer
>> special html characters (<, >, &, etc...). Currently is there a "tool"
>> to perform such filtering?
>
> Even better than Geir's suggestion (which is terribly not MVC
I'll beg to differ. I think that this is just fine MVC as this is a view
issue - if the data is to be XML encoded vs URL encoded vs translated to
spanish vs translated to Klingon vs... That, to me, is a view thing.
Otherwise you have to teach your model about presentation.
> and prone to
> mistakes...what if you forget to filter some user supplied data? You then
> have a cross site scripting hole)
This I agree with 100% :)
>...is to write a ReferenceInsertionFilter
> to do what you want...
>
> <http://scarab.tigris.org/source/browse/scarab/src/java/org/tigris/scarab/ut
> il/ReferenceInsertionFilter.java?rev=1.11&content-type=text/x-cvsweb-markup>
>
And yes, for the non-lazy that want to do it right, this is great.
--
Geir Magnusson Jr.
Research & Development, Adeptra Inc.
geirm@adeptra.com
+1-203-247-1713
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: HTML escape sequence filtering (is there a tool for that?)
Posted by Jon Scott Stevens <jo...@latchkey.com>.
on 7/15/02 6:43 AM, "Ed Yu" <ek...@asgnet.psc.sc.edu> wrote:
> I'm looking into JSP migration to Velocity. There is one feature that
> the <bean:write ... filter="true"> tag offer, the ability to filer
> special html characters (<, >, &, etc...). Currently is there a "tool"
> to perform such filtering?
Even better than Geir's suggestion (which is terribly not MVC and prone to
mistakes...what if you forget to filter some user supplied data? You then
have a cross site scripting hole)...is to write a ReferenceInsertionFilter
to do what you want...
<http://scarab.tigris.org/source/browse/scarab/src/java/org/tigris/scarab/ut
il/ReferenceInsertionFilter.java?rev=1.11&content-type=text/x-cvsweb-markup>
-jon
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: HTML escape sequence filtering (is there a tool for that?)
Posted by "Geir Magnusson Jr." <ge...@adeptra.com>.
On 7/15/02 9:43 AM, "Ed Yu" <ek...@asgnet.psc.sc.edu> wrote:
> I'm looking into JSP migration to Velocity. There is one feature that
> the <bean:write ... filter="true"> tag offer, the ability to filer
> special html characters (<, >, &, etc...). Currently is there a "tool"
> to perform such filtering?
>
Being fundamentally lazy, I just tend to do this :
vc.put("xmltool", new org.apache.velocity.anakia.Escape());
:)
--
Geir Magnusson Jr.
Research & Development, Adeptra Inc.
geirm@adeptra.com
+1-203-247-1713
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>