Thomas Mortagne wrote:
> On Sun, Jun 13, 2010 at 11:51, Caleb James DeLisle
> <[email protected]> wrote:
>> Right now $escapetool is included via velocity configuration.
>> I don't see any reason why we couldn't change to a VelocityContextInitializer
>> which adds an extension of escapetool which has:
>> $escapetool.xwiki1(String)
>> $escapetool.xwiki2(String)
>>
>> Although it would be cleaner I'm resistant to:
>> $escapetool.xwiki.syntax20(String)
>> or the like because vulnerability is easier than security so we should
>> make security as easy (to type) as possible.
>>
>> I'm not sure when I'll have time to do this but I don't think it'd take more
>> than a few hours.
>>
>> WDYT?
>
> $escapetool.xwiki2(String) is pretty easy to do but
I imagined it would be like: "{{{" + string.replaceAll("}}}", "~}~}~}") + "}}}"
> $escapetool.xwiki1(String) is almost impossible (which is one of the
> many reason for having the new rendering system and syntax)
Hmm, how about xml escaping any character which is used in syntax1.0 formatting?
>
> But here is my +1 for the general principal.
>
> We would also have
>
> $escapetool.syntax(String content, Syntax syntaxId)
>
> that would support any provided syntax that implements a proper
> Renderer.
+1 for the idea, how do we get at the Syntax object in velocity?
Maybe: $escapetool.syntax(String content, String syntaxId) is more realistic.
> $escapetool.xwiki2(String) could still be a shortcut for the
> same thing since as you said it should be as easy as possible to call
> it.
My thinking exactly.
>
>> Caleb
>>
>> Marius Dumitru Florea wrote:
>>> On 06/13/2010 11:43 AM, Marius Dumitru Florea wrote:
>>>> On 06/12/2010 04:26 PM, Ivan Levashew wrote:
>>>>> Hello!
>>>>>
>>>>> Yet another problem I'm encountering is lack of
>>>>> proper escaping tools. I have noticed it when I
>>>>> decided to use [ and ] in page titles.
>>>>> «My Recent Modifications» became broken because
>>>>> XWiki parsed [ and ]. Currently I have added
>>>>> {pre} and {/pre} at both ends, but it is just a
>>>>> krunch. What is the proper way? I have checked
>>>>> $escapetool and $xwiki.get*Encoded APIs. There is
>>>>> no common API to escape [, ], =, {, etc.
>>>> You haven't checked
>>>> http://platform.xwiki.org/xwiki/bin/view/Main/XWikiSyntax#HEscapes ;)
>>> This doesn't fix your problem. What about
>>> http://platform.xwiki.org/xwiki/bin/download/DevGuide/API/xwiki-core-2.3.1-javadoc.jar/com/xpn/xwiki/api/Util.html#escapeText%28java.lang.String%29
>>> ?
>>>
>>>> Hope this helps,
>>>> Marius
>>>>
>>>>> _______________________________________________
>>>>> users mailing list
>>>>> [email protected]
>>>>> http://lists.xwiki.org/mailman/listinfo/users
>>>> _______________________________________________
>>>> users mailing list
>>>> [email protected]
>>>> http://lists.xwiki.org/mailman/listinfo/users
>>> _______________________________________________
>>> users mailing list
>>> [email protected]
>>> http://lists.xwiki.org/mailman/listinfo/users
>> _______________________________________________
>> devs mailing list
>> [email protected]
>> http://lists.xwiki.org/mailman/listinfo/devs
>>
>
>
>
_______________________________________________
devs mailing list
[email protected]
http://lists.xwiki.org/mailman/listinfo/devs
