> From: Tobia Conforto [mailto:[EMAIL PROTECTED] > Sent: Thursday, February 14, 2008 1:43 PM
Hola Tobia: > I would write a custom input module that can be called safely > like this: > "{translate:-: :{1}}" > It can be implemented using basic java.lang.String methods. > As a policy for this website we are trying avoid doing any custom java programming, only little tiny features added here and there to cocoon itself, and clearing some minor gotchas i've found in my way but apart from that, adding a custom java inputModule is not an option, until discovered the jxpath way i did a draft input module to do the translate, but finally no needed to break the no custom java code policy of this site.. > I think your solution doesn't quote the argument correctly > and is susceptible to "JX code injection" or other problems. > For example the user might go to: > http://localhost:8080/b/hello',nasty.java.call(),'world > If I'm not mistaken, the ' after hello would close the Jx > string and damage would ensue. After Joerg comments, JXPath itself doesnt have access to arbitrary Classes, and i'm only declaring String i fail to view a bad use where one can use this tiny traslation to break the site.. I'm converting - to spaces and reverse.. Saludos, Ignacio J. Ortega > -----Original Message----- > To: users@cocoon.apache.org > Subject: Re: Doing string operations over sitemap values > > Nacho (Derecho.com) wrote: > > * I have this URL "http://localhost:8080/b/menores-de-edad" > > * In sitemap i have a match like "b/**" > > * I need to do replace "-" in {1} to spaces > > * I do this using an input module inheriting from > > AbstractJXPathModule, and using a xpath like expression, > > "{request:translate('{1}','-','')}" > > > > Tobia > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]