Hi Nathan,
Right now it puts all the classes from commons-lang into velocity-dep. I
could change this to only do the small number (possibly just one) of
relevant classes, like it does for commons-collection.
(Actually, the class is StringEscapeUtils, for the record).
WILL
----- Original Message -----
From: "Nathan Bubna" <[EMAIL PROTECTED]>
To: "Velocity Developers List" <[email protected]>
Sent: Monday, September 12, 2005 6:56 AM
Subject: Re: event handler patch
looks great, Will!
regarding the dependency thing... are we going to continue to
provide both the velocity.jar and velocity-dep.jar with the 1.5
version? if so, then the addition of commons-lang is not too bad.
people can use the whole commons-lang lib with velocity.jar and we can
extract and ship StringUtils in the velocity-dep.jar.
On 9/11/05, Will Glass-Husain <[EMAIL PROTECTED]> wrote:
Colleagues,
With a short burst of autumnal energy, I've just committed a substantial
patch to the event handling system. It should be 100% backwards
compatible - I encourage you to try it out. We've discussed significant
parts of this before (e.g. new IncludeEventHandler for #include and
#parse), but please send comments on any aspects of these enhancements.
In addition to updates to the event handler framework, this patch also
includes useful event handler implementations. The most important of
these are event handlers for reference escaping (HTML, XML, SQL, and
JavaScript). Some might argue that escaping belongs in the tools project,
but I consider this an important core feature for many of our users. It's
worth noting that other templating approaches like JSP 2.0 and FreeMarker
have HTML escaping as a language feature.
With the latest source code you can set up the event handler in
velocity.properties, then (optionally) limit the escape handler
implementations with regular expressions. For example, to apply HTML
escaping to all references put this line in velocity.properties.
*****************************
eventhandler.referenceinsertion.class =
org.apache.velocity.app.event.implement.EscapeHtmlReference
*****************************
The following velocity.properties excerpts set up HTML escaping for all
references and JavaScript escaping (backslash before quotes) for
references starting with "js".
*****************************
eventhandler.referenceinsertion.class =
org.apache.velocity.app.event.implement.EscapeHtmlReference,org.apache.velocity.app.event.implement.EscapeJavaScriptReference
eventhandler.escape.javascript.match = /js.*/
*****************************
The most import side effect of this patch is a new dependency on
"commons-lang". While I'm loath to grow the jar files unnecessarily,
there's a very nice utility class for doing HTML/XML/JavaScript/SQL
escaping.
Again, I'd welcome any thoughts.
Best,
WILL
_______________________________________
Forio Business Simulations
Will Glass-Husain
[EMAIL PROTECTED]
www.forio.com
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
