On Jun 15, 2010, at 6:13 PM, Caleb James DeLisle wrote: > > > Vincent Massol wrote: >> Hi Caleb, >> >> On Jun 15, 2010, at 3:27 PM, cjdelisle (SVN) wrote: >> >>> Author: cjdelisle >>> Date: 2010-06-15 15:27:18 +0200 (Tue, 15 Jun 2010) >>> New Revision: 29480 >>> >>> Modified: >>> >>> platform/xwiki-tools/trunk/xwiki-configuration-resources/src/main/resources/xwiki.cfg.vm >>> Log: >>> XWIKI-5273: In syntax 1.0 allow changing order of renderers, set default in >>> configuration file to execute groovy before velocity. >>> Make groovy be rendered before velocity by default. >>> >>> Modified: >>> platform/xwiki-tools/trunk/xwiki-configuration-resources/src/main/resources/xwiki.cfg.vm >>> =================================================================== >>> --- >>> platform/xwiki-tools/trunk/xwiki-configuration-resources/src/main/resources/xwiki.cfg.vm >>> 2010-06-15 13:24:58 UTC (rev 29479) >>> +++ >>> platform/xwiki-tools/trunk/xwiki-configuration-resources/src/main/resources/xwiki.cfg.vm >>> 2010-06-15 13:27:18 UTC (rev 29480) >>> @@ -307,6 +307,11 @@ >>> #-# Simple wiki syntax rendering >>> # xwiki.render.wikiwiki=0 >>> >>> +#-# Rendering order: content will be rendered by the first renderer on the >>> list, output rendered by the second, etc. >>> +#-# Default: macromapping, velocity, groovy, plugin, wiki, wikiwiki >>> +#-# To protect against velocity content becoming groovy code, it is >>> recommended to leave the following line active. >>> +xwiki.render.renderingorder=macromapping, groovy, velocity, plugin, wiki, >>> wikiwiki >> >> I think this line should be commented out since it's the default and thus >> shouldn't be needed (xwiki must work without the config file as much as >> possible). > > No the default is the old way. > Commenting this line out would put it into "compatibility mode".
I thought we wanted the default to be the new way so that there's no security hole by default. Why don't we use the new way by default? Thanks -Vincent >>> >>> + >>> #-# Maximum number of documents to keep in the rendered cache >>> # xwiki.render.cache.capacity=100 >> _______________________________________________ devs mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/devs
