I would go for the fundamentals of the developer guide:
http://velocity.apache.org/engine/releases/velocity-1.7/developer-guide.html
// If not done yet, init an engine (here the one of the singleton pattern but
there is a non-static call that you can do if you don't use the singleton
pattern engine)
Velocity.init();
Template template = null;
try {
// Call getTemplate will automatically look up the template and parse it.
template = Velocity.getTemplate("mytemplate.vm");
} catch( ResourceNotFoundException rnfe ) {
// This should not happen in your case (although it could)
} catch( ParseErrorException pee ) {
// Well pretty obvious that the template is not correct
} catch( MethodInvocationException mie ) {
// I don't remember in which case this exception is thrown.
} catch( Exception e ) {
}
Cheers,
Guillaume
Le 6/02/2012 15:44, Chad La Joie a écrit :
On Mon, Feb 6, 2012 at 09:41, sebb<seb...@gmail.com> wrote:
Just because it's parseable does not mean it's safe to use ...
allowing an end-user to provide a template without manual checking
sounds like a recipe for inviting exploits.
There's nothing I can do about that. If the user wants to write a
template that exploits their own system, that's up to them. I'm just
trying to provide what checking I can at startup time.
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@velocity.apache.org
For additional commands, e-mail: user-h...@velocity.apache.org