> From: Tobia Conforto [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, February 14, 2008 1:43 PM

Hello Tobia:

> I would write a custom input module that can be called safely 
> like this:
> "{translate:-: :{1}}"
> It can be implemented using basic java.lang.String methods.
> 

As a policy for this website we are trying to avoid doing any custom Java
programming, only little tiny features added here and there to Cocoon
itself, and clearing some minor gotchas I've found along my way, but apart from
that, adding a custom Java InputModule is not an option. Until I discovered
the JXPath way I had done a draft input module to do the translate, but in the
end there was no need to break the no-custom-Java-code policy of this site.

> I think your solution doesn't quote the argument correctly 
> and is susceptible to "JX code injection" or other problems.
> For example the user might go to: 
> http://localhost:8080/b/hello',nasty.java.call(),'world
> If I'm not mistaken, the ' after hello would close the Jx 
> string and damage would ensue.

After Joerg's comments, JXPath itself doesn't have access to arbitrary classes,
and as I'm only declaring String, I fail to see a bad use where one can use
this tiny translation to break the site. I'm converting - to spaces and the
reverse.

Regards,
Ignacio J. Ortega
 

> -----Original Message-----
> To: users@cocoon.apache.org
> Subject: Re: Doing string operations over sitemap values
> 
> Nacho (Derecho.com) wrote:
> > * I have this URL "http://localhost:8080/b/menores-de-edad";
> > * In sitemap i have a match like "b/**"
> > * I need to do replace "-" in {1} to spaces
> > * I do this using an input module inheriting from 
> > AbstractJXPathModule, and using a xpath like expression, 
> > "{request:translate('{1}','-','')}"
> 
> 
> 
> Tobia
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 


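The quoting concern Tobia raises above (a `'` in the URL segment closing the string literal inside `{request:translate('{1}',...)}`) is easy to see by simulating the textual substitution the sitemap performs. The following is an added example, not Cocoon or JXPath code from the thread: it assumes `{1}` is pasted verbatim into the expression before evaluation, uses the space replacement Ignacio describes as the third `translate()` argument, and builds the safe variant with a proper XPath 1.0 string literal (XPath 1.0 has no escape character inside literals, so a value holding both quote types has to be assembled with `concat()`). The hostile URL segment is the one quoted in the thread; the helper names are my own.

```python
"""
Simulate building a JXPath/XPath expression from a URL path segment, once by
naive textual substitution and once with correct literal quoting, then show
which parts of each expression the evaluator would treat as syntax rather
than as data. Added example; assumes {1} is substituted verbatim.
"""

# Constructed sample inputs (the hostile one is the URL segment from the thread)
BENIGN = "menores-de-edad"
HOSTILE = "hello',nasty.java.call(),'world"


def naive_expr(segment: str) -> str:
    """Mirror {request:translate('{1}','-',' ')}: paste the segment between quotes."""
    return "translate('" + segment + "','-',' ')"


def xpath_literal(value: str) -> str:
    """Return an XPath 1.0 string literal for an arbitrary value.

    A value without single quotes fits in '...'; one without double quotes
    fits in "..."; one containing both is spliced together with concat(),
    because XPath 1.0 literals cannot escape their own delimiter.
    """
    if "'" not in value:
        return "'" + value + "'"
    if '"' not in value:
        return '"' + value + '"'
    parts = []
    for chunk in value.split("'"):
        if chunk:
            parts.append("'" + chunk + "'")  # chunk has no ', may hold "
        parts.append('"\'"')                 # the single quote itself
    parts.pop()                              # drop trailing separator
    return "concat(" + ", ".join(parts) + ")"


def safe_expr(segment: str) -> str:
    """Same translate() call, but the segment goes through xpath_literal()."""
    return "translate(" + xpath_literal(segment) + ",'-',' ')"


def code_outside_literals(expr: str) -> str:
    """Replace every XPath 1.0 string literal with <lit> and return the rest.

    Whatever part of the URL segment survives here is being parsed as
    expression syntax (function calls, operators) instead of as a string.
    """
    out, quote = [], None
    for ch in expr:
        if quote:
            if ch == quote:
                quote = None
                out.append("<lit>")
        elif ch in "'\"":
            quote = ch
        else:
            out.append(ch)
    return "".join(out)


if __name__ == "__main__":
    for label, build in (("naive", naive_expr), ("safe", safe_expr)):
        for seg in (BENIGN, HOSTILE):
            e = build(seg)
            print(f"{label:5} {seg!r}\n      expr : {e}\n      code : {code_outside_literals(e)}")
```

With the naive build the hostile segment leaves `nasty.java.call()` outside any literal, so the evaluator sees it as a function call; with the quoted build every byte of the segment stays inside one literal. Whether an escaped call is actually harmful depends on which functions and classes the JXPath context exposes, which is the point Ignacio makes about only declaring String, but the quoting defect exists regardless of that, and a segment containing both `'` and `"` cannot be fixed by choosing the other quote character alone.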