Vincent Massol wrote:
> On Jun 13, 2010, at 11:51 AM, Caleb James DeLisle wrote:
> 
>> Right now $escapetool is included via velocity configuration.
>> I don't see any reason why we couldn't change to a VelocityContextInitializer
>> which adds an extension of escapetool which has:
>> $escapetool.xwiki1(String)
>> $escapetool.xwiki2(String)
> 
> I'm not sure it has to do with escapetool (at least for xwiki/2.0 and other 
> new rendering syntaxes). I think it has more to do with the rendering module 
> since it's the rendering module which defines the escaping rules (for 
> xwiki/2.0 and other syntaxes, except for syntax 1.0 which is in the old 
> rendering). In addition it would need to be generic, something like 
> $services.rendering.escape(text, syntax)

I agree with the idea of generic but too much typing and nobody will ever use 
it, opting to be insecure instead.
Also I'm -.5 to the idea if it means separating it from the other functions of 
escapetool.

> 
> BTW I haven't followed this thread but what are the needs? It sounds a bit 
> strange to have to output wiki syntax through velocity.

People want user supplied content to be spliced into a page without affecting 
the wiki output.
We use escapetool to escape XML and URLs. This would just add more features to 
it.
Another need is to make escapetool.xml escape { so that user content cannot 
jailbreak an html macro.

> 
> Thanks
> -Vincent
> 
>> Although it would be cleaner I'm resistant to:
>> $escapetool.xwiki.syntax20(String)
>> or the like because vulnerability is easier than security so we should
>> make security as easy (to type) as possible.
>>
>> I'm not sure when I'll have time to do this but I don't think it'd take more
>> than a few hours.
>>
>> WDYT?
>>
>> Caleb
>>
>> Marius Dumitru Florea wrote:
>>> On 06/13/2010 11:43 AM, Marius Dumitru Florea wrote:
>>>> On 06/12/2010 04:26 PM, Ivan Levashew wrote:
>>>>> Hello!
>>>>>
>>>>> Yet another problem I'm encountering is lack of
>>>>> proper escaping tools. I have noticed it when I
>>>>> decided to use [ and ] in page titles.
>>>>> «My Recent Modifications» became broken because
>>>>> XWiki parsed [ and ]. Currently I have added
>>>>> {pre} and {/pre} at both ends, but it is just a
>>>>> krunch. What is the proper way? I have checked
>>>>> $escapetool and $xwiki.get*Encoded APIs. There is
>>>>> no common API to escape [, ], =, {, etc.
>>>> You haven't checked
>>>> http://platform.xwiki.org/xwiki/bin/view/Main/XWikiSyntax#HEscapes ;)
>>> This doesn't fix your problem. What about 
>>> http://platform.xwiki.org/xwiki/bin/download/DevGuide/API/xwiki-core-2.3.1-javadoc.jar/com/xpn/xwiki/api/Util.html#escapeText%28java.lang.String%29
>>>  
>>> ?
>>>
>>>> Hope this helps,
>>>> Marius
>>>>
>>>>> _______________________________________________
>>>>> users mailing list
>>>>> [email protected]
>>>>> http://lists.xwiki.org/mailman/listinfo/users
>> _______________________________________________
>> devs mailing list
>> [email protected]
>> http://lists.xwiki.org/mailman/listinfo/devs

_______________________________________________
devs mailing list
[email protected]
http://lists.xwiki.org/mailman/listinfo/devs
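
An added illustration (not code from this thread or from XWiki) of the two needs discussed above: neutralising wiki markup in user-supplied text, and encoding `{` so user content cannot close an html macro. The function names are hypothetical, `~` is the xwiki/2.0 escape character, and `unprotected_chars` is a simplified model of the parser's escape rule, not the real parser.

```python
import html

ESCAPE_CHAR = "~"  # escape character of xwiki/2.0 syntax


def escape_xwiki2(text: str) -> str:
    """Prefix every character that is not a letter, digit or whitespace with
    '~' so no markup token ([, ], =, {{, **, ...) stays active in user text."""
    return "".join(
        ch if ch.isalnum() or ch.isspace() else ESCAPE_CHAR + ch for ch in text
    )


def unprotected_chars(wiki_text: str) -> str:
    """Simplified model (assumption) of the parser's escape rule: '~x' is a
    literal x. Returns the characters that could still be read as markup."""
    out, i = [], 0
    while i < len(wiki_text):
        if wiki_text[i] == ESCAPE_CHAR:
            i += 2  # skip the escape character and the character it protects
        else:
            out.append(wiki_text[i])
            i += 1
    return "".join(out)


def escape_xml_for_html_macro(text: str) -> str:
    """XML-escape, then encode '{' so '{{/html}}' in user content cannot close
    an enclosing html macro. The replace must run after html.escape, or the
    '&' of '&#123;' would itself be escaped."""
    return html.escape(text, quote=True).replace("{", "&#123;")


# Constructed sample inputs, not taken from the thread.
TITLE = "Notes [draft] == **v2** {{info}}"
COMMENT = "</b>{{/html}}**bold**"

if __name__ == "__main__":
    safe_title = escape_xwiki2(TITLE)
    print(safe_title)                           # wiki-escaped title
    print(repr(unprotected_chars(safe_title)))  # what markup parsing can see
    print(escape_xml_for_html_macro(COMMENT))
```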