On Mon, Jun 14, 2010 at 11:33, Caleb James DeLisle
<[email protected]> wrote:
>
>
> Thomas Mortagne wrote:
>> On Sun, Jun 13, 2010 at 11:51, Caleb James DeLisle
>> <[email protected]> wrote:
>>> Right now $escapetool is included via velocity configuration.
>>> I don't see any reason why we couldn't change to a
>>> VelocityContextInitializer
>>> which adds an extension of escapetool which has:
>>> $escapetool.xwiki1(String)
>>> $escapetool.xwiki2(String)
>>>
>>> Although it would be cleaner I'm resistant to:
>>> $escapetool.xwiki.syntax20(String)
>>> or the like because vulnerability is easier than security so we should
>>> make security as easy (to type) as possible.
>>>
>>> I'm not sure when I'll have time to do this but I don't think it'd take more
>>> than a few hours.
>>>
>>> WDYT?
>>
>> $escapetool.xwiki2(String) is pretty easy to do but
>
> I imagined it would be like: "{{{" + string.replaceAll("}}}", "~}~}~}") +
> "}}}"
No, nothing like that: you parse it with plain/1.0 parser and render
it with xwiki/2.0 renderer (or any other syntax providing a renderer
in which you want to escape it).
>
>> $escapetool.xwiki1(String) is almost impossible (which is one of the
>> many reason for having the new rendering system and syntax)
>
> Hmm, how about xml escaping any character which is used in syntax1.0
> formatting?
>
>>
>> But here is my +1 for the general principal.
>>
>> We would also have
>>
>> $escapetool.syntax(String content, Syntax syntaxId)
>>
>> that would support any provided syntax that implements a proper
>> Renderer.
>
> +1 for the idea, how do we get at the Syntax object in velocity?
> Maybe: $escapetool.syntax(String content, String syntaxId) is more realistic.
>
>> $escapetool.xwiki2(String) could still be a shortcut for the
>> same thing since as you said it should be as easy as possible to call
>> it.
>
> My thinking exactly.
>
>>
>>> Caleb
>>>
>>> Marius Dumitru Florea wrote:
>>>> On 06/13/2010 11:43 AM, Marius Dumitru Florea wrote:
>>>>> On 06/12/2010 04:26 PM, Ivan Levashew wrote:
>>>>>> Hello!
>>>>>>
>>>>>> Yet another problem I'm encountering is lack of
>>>>>> proper escaping tools. I have noticed it when I
>>>>>> decided to use [ and ] in page titles.
>>>>>> «My Recent Modifications» became broken because
>>>>>> XWiki parsed [ and ]. Currently I have added
>>>>>> {pre} and {/pre} at both ends, but it is just a
>>>>>> krunch. What is the proper way? I have checked
>>>>>> $escapetool and $xwiki.get*Encoded APIs. There is
>>>>>> no common API to escape [, ], =, {, etc.
>>>>> You haven't checked
>>>>> http://platform.xwiki.org/xwiki/bin/view/Main/XWikiSyntax#HEscapes ;)
>>>> This doesn't fix your problem. What about
>>>> http://platform.xwiki.org/xwiki/bin/download/DevGuide/API/xwiki-core-2.3.1-javadoc.jar/com/xpn/xwiki/api/Util.html#escapeText%28java.lang.String%29
>>>> ?
>>>>
>>>>> Hope this helps,
>>>>> Marius
>>>>>
>>>>>> _______________________________________________
>>>>>> users mailing list
>>>>>> [email protected]
>>>>>> http://lists.xwiki.org/mailman/listinfo/users
>>>>> _______________________________________________
>>>>> users mailing list
>>>>> [email protected]
>>>>> http://lists.xwiki.org/mailman/listinfo/users
>>>> _______________________________________________
>>>> users mailing list
>>>> [email protected]
>>>> http://lists.xwiki.org/mailman/listinfo/users
>>> _______________________________________________
>>> devs mailing list
>>> [email protected]
>>> http://lists.xwiki.org/mailman/listinfo/devs
>>>
>>
>>
>>
>
> _______________________________________________
> devs mailing list
> [email protected]
> http://lists.xwiki.org/mailman/listinfo/devs
>
--
Thomas Mortagne
_______________________________________________
devs mailing list
[email protected]
http://lists.xwiki.org/mailman/listinfo/devs
