You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@velocity.apache.org by Will Glass-Husain <wg...@forio.com> on 2005/09/12 00:44:20 UTC
event handler patch
Colleagues,
With a short burst of autumnal energy, I've just committed a substantial patch to the event handling system. It should be 100% backwards compatible - I encourage you to try it out. We've discussed significant parts of this before (e.g. new IncludeEventHandler for #include and #parse), but please send comments on any aspects of these enhancements.
In addition to updates to the event handler framework, this patch also includes useful event handler implementations. The most important of these are event handlers for reference escaping (HTML, XML, SQL, and JavaScript). Some might argue that escaping belongs in the tools project, but I consider this an important core feature for many of our users. It's worth noting that other templating approaches like JSP 2.0 and FreeMarker have HTML escaping as a language feature.
With the latest source code you can set up the event handler in velocity.properties, then (optionally) limit the escape handler implementations with regular expressions. For example, to apply HTML escaping to all references put this line in velocity.properties.
*****************************
eventhandler.referenceinsertion.class = org.apache.velocity.app.event.implement.EscapeHtmlReference
*****************************
The following velocity.properties excerpts set up HTML escaping for all references and JavaScript escaping (backslash before quotes) for references starting with "js".
*****************************
eventhandler.referenceinsertion.class = org.apache.velocity.app.event.implement.EscapeHtmlReference,org.apache.velocity.app.event.implement.EscapeJavaScriptReference
eventhandler.escape.javascript.match = /js.*/
*****************************
The most import side effect of this patch is a new dependency on "commons-lang". While I'm loath to grow the jar files unnecessarily, there's a very nice utility class for doing HTML/XML/JavaScript/SQL escaping.
Again, I'd welcome any thoughts.
Best,
WILL
_______________________________________
Forio Business Simulations
Will Glass-Husain
wglass@forio.com
www.forio.com
Re: event handler patch
Posted by Nathan Bubna <nb...@gmail.com>.
if you're willing to do that, then, yeah, i think that'd be the best
way to go with it for now.
On 9/12/05, Will Glass-Husain <wg...@forio.com> wrote:
> Hi Nathan,
>
> Right now it puts all the classes from commons-lang into velocity-dep. I
> could change this to only do the small number (possibly just one) of
> relevant classes, like it does for commons-collection.
>
> (Actually, the class is StringEscapeUtils, for the record).
>
> WILL
>
> ----- Original Message -----
> From: "Nathan Bubna" <nb...@gmail.com>
> To: "Velocity Developers List" <ve...@jakarta.apache.org>
> Sent: Monday, September 12, 2005 6:56 AM
> Subject: Re: event handler patch
>
>
> looks great, Will!
>
> regarding the dependency thing... are we going to continue to
> provide both the velocity.jar and velocity-dep.jar with the 1.5
> version? if so, then the addition of commons-lang is not too bad.
> people can use the whole commons-lang lib with velocity.jar and we can
> extract and ship StringUtils in the velocity-dep.jar.
>
> On 9/11/05, Will Glass-Husain <wg...@forio.com> wrote:
> > Colleagues,
> >
> > With a short burst of autumnal energy, I've just committed a substantial
> > patch to the event handling system. It should be 100% backwards
> > compatible - I encourage you to try it out. We've discussed significant
> > parts of this before (e.g. new IncludeEventHandler for #include and
> > #parse), but please send comments on any aspects of these enhancements.
> >
> > In addition to updates to the event handler framework, this patch also
> > includes useful event handler implementations. The most important of
> > these are event handlers for reference escaping (HTML, XML, SQL, and
> > JavaScript). Some might argue that escaping belongs in the tools project,
> > but I consider this an important core feature for many of our users. It's
> > worth noting that other templating approaches like JSP 2.0 and FreeMarker
> > have HTML escaping as a language feature.
> >
> > With the latest source code you can set up the event handler in
> > velocity.properties, then (optionally) limit the escape handler
> > implementations with regular expressions. For example, to apply HTML
> > escaping to all references put this line in velocity.properties.
> >
> > *****************************
> > eventhandler.referenceinsertion.class =
> > org.apache.velocity.app.event.implement.EscapeHtmlReference
> > *****************************
> >
> > The following velocity.properties excerpts set up HTML escaping for all
> > references and JavaScript escaping (backslash before quotes) for
> > references starting with "js".
> >
> > *****************************
> > eventhandler.referenceinsertion.class =
> > org.apache.velocity.app.event.implement.EscapeHtmlReference,org.apache.velocity.app.event.implement.EscapeJavaScriptReference
> >
> > eventhandler.escape.javascript.match = /js.*/
> > *****************************
> >
> > The most import side effect of this patch is a new dependency on
> > "commons-lang". While I'm loath to grow the jar files unnecessarily,
> > there's a very nice utility class for doing HTML/XML/JavaScript/SQL
> > escaping.
> >
> > Again, I'd welcome any thoughts.
> >
> > Best,
> > WILL
> >
> > _______________________________________
> > Forio Business Simulations
> >
> > Will Glass-Husain
> > wglass@forio.com
> > www.forio.com
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: velocity-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: velocity-dev-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: velocity-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: velocity-dev-help@jakarta.apache.org
Re: event handler patch
Posted by Will Glass-Husain <wg...@forio.com>.
Hi Nathan,
Right now it puts all the classes from commons-lang into velocity-dep. I
could change this to only do the small number (possibly just one) of
relevant classes, like it does for commons-collection.
(Actually, the class is StringEscapeUtils, for the record).
WILL
----- Original Message -----
From: "Nathan Bubna" <nb...@gmail.com>
To: "Velocity Developers List" <ve...@jakarta.apache.org>
Sent: Monday, September 12, 2005 6:56 AM
Subject: Re: event handler patch
looks great, Will!
regarding the dependency thing... are we going to continue to
provide both the velocity.jar and velocity-dep.jar with the 1.5
version? if so, then the addition of commons-lang is not too bad.
people can use the whole commons-lang lib with velocity.jar and we can
extract and ship StringUtils in the velocity-dep.jar.
On 9/11/05, Will Glass-Husain <wg...@forio.com> wrote:
> Colleagues,
>
> With a short burst of autumnal energy, I've just committed a substantial
> patch to the event handling system. It should be 100% backwards
> compatible - I encourage you to try it out. We've discussed significant
> parts of this before (e.g. new IncludeEventHandler for #include and
> #parse), but please send comments on any aspects of these enhancements.
>
> In addition to updates to the event handler framework, this patch also
> includes useful event handler implementations. The most important of
> these are event handlers for reference escaping (HTML, XML, SQL, and
> JavaScript). Some might argue that escaping belongs in the tools project,
> but I consider this an important core feature for many of our users. It's
> worth noting that other templating approaches like JSP 2.0 and FreeMarker
> have HTML escaping as a language feature.
>
> With the latest source code you can set up the event handler in
> velocity.properties, then (optionally) limit the escape handler
> implementations with regular expressions. For example, to apply HTML
> escaping to all references put this line in velocity.properties.
>
> *****************************
> eventhandler.referenceinsertion.class =
> org.apache.velocity.app.event.implement.EscapeHtmlReference
> *****************************
>
> The following velocity.properties excerpts set up HTML escaping for all
> references and JavaScript escaping (backslash before quotes) for
> references starting with "js".
>
> *****************************
> eventhandler.referenceinsertion.class =
> org.apache.velocity.app.event.implement.EscapeHtmlReference,org.apache.velocity.app.event.implement.EscapeJavaScriptReference
>
> eventhandler.escape.javascript.match = /js.*/
> *****************************
>
> The most import side effect of this patch is a new dependency on
> "commons-lang". While I'm loath to grow the jar files unnecessarily,
> there's a very nice utility class for doing HTML/XML/JavaScript/SQL
> escaping.
>
> Again, I'd welcome any thoughts.
>
> Best,
> WILL
>
> _______________________________________
> Forio Business Simulations
>
> Will Glass-Husain
> wglass@forio.com
> www.forio.com
>
---------------------------------------------------------------------
To unsubscribe, e-mail: velocity-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: velocity-dev-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: velocity-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: velocity-dev-help@jakarta.apache.org
Re: event handler patch
Posted by Nathan Bubna <nb...@gmail.com>.
looks great, Will!
regarding the dependency thing... are we going to continue to
provide both the velocity.jar and velocity-dep.jar with the 1.5
version? if so, then the addition of commons-lang is not too bad.
people can use the whole commons-lang lib with velocity.jar and we can
extract and ship StringUtils in the velocity-dep.jar.
On 9/11/05, Will Glass-Husain <wg...@forio.com> wrote:
> Colleagues,
>
> With a short burst of autumnal energy, I've just committed a substantial patch to the event handling system. It should be 100% backwards compatible - I encourage you to try it out. We've discussed significant parts of this before (e.g. new IncludeEventHandler for #include and #parse), but please send comments on any aspects of these enhancements.
>
> In addition to updates to the event handler framework, this patch also includes useful event handler implementations. The most important of these are event handlers for reference escaping (HTML, XML, SQL, and JavaScript). Some might argue that escaping belongs in the tools project, but I consider this an important core feature for many of our users. It's worth noting that other templating approaches like JSP 2.0 and FreeMarker have HTML escaping as a language feature.
>
> With the latest source code you can set up the event handler in velocity.properties, then (optionally) limit the escape handler implementations with regular expressions. For example, to apply HTML escaping to all references put this line in velocity.properties.
>
> *****************************
> eventhandler.referenceinsertion.class = org.apache.velocity.app.event.implement.EscapeHtmlReference
> *****************************
>
> The following velocity.properties excerpts set up HTML escaping for all references and JavaScript escaping (backslash before quotes) for references starting with "js".
>
> *****************************
> eventhandler.referenceinsertion.class = org.apache.velocity.app.event.implement.EscapeHtmlReference,org.apache.velocity.app.event.implement.EscapeJavaScriptReference
>
> eventhandler.escape.javascript.match = /js.*/
> *****************************
>
> The most import side effect of this patch is a new dependency on "commons-lang". While I'm loath to grow the jar files unnecessarily, there's a very nice utility class for doing HTML/XML/JavaScript/SQL escaping.
>
> Again, I'd welcome any thoughts.
>
> Best,
> WILL
>
> _______________________________________
> Forio Business Simulations
>
> Will Glass-Husain
> wglass@forio.com
> www.forio.com
>
---------------------------------------------------------------------
To unsubscribe, e-mail: velocity-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: velocity-dev-help@jakarta.apache.org
Re: event handler patch
Posted by Claude Brisson <cl...@renegat.net>.
On Sun, 2005-09-11 at 15:44 -0700, Will Glass-Husain wrote:
> Colleagues,
>
> With a short burst of autumnal energy, I've just committed a substantial patch to the event handling system. It should be 100% backwards compatible - I encourage you to try it out. We've discussed significant parts of this before (e.g. new IncludeEventHandler for #include and #parse), but please send comments on any aspects of these enhancements.
That's really cool.
Thanks, Will.
> eventhandler.escape.javascript.match = /js.*/
> *****************************
That makes me think of something totally offtopic on this thread - well
I'll follow the rules and start a new thread...
--
Claude
---------------------------------------------------------------------
To unsubscribe, e-mail: velocity-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: velocity-dev-help@jakarta.apache.org