Author: cbrisson
Date: Sun Mar 10 11:54:57 2019
New Revision: 1855144
URL: http://svn.apache.org/viewvc?rev=1855144&view=rev
Log:
[engine] Deprecate HTML, XML and Javascript EscapeReference event handlers
Modified:
velocity/engine/trunk/velocity-engine-core/src/main/java/org/apache/velocity/app/event/implement/EscapeHtmlReference.java
velocity/engine/trunk/velocity-engine-core/src/main/java/org/apache/velocity/app/event/implement/EscapeJavaScriptReference.java
velocity/engine/trunk/velocity-engine-core/src/main/java/org/apache/velocity/app/event/implement/EscapeXmlReference.java
Modified:
velocity/engine/trunk/velocity-engine-core/src/main/java/org/apache/velocity/app/event/implement/EscapeHtmlReference.java
URL:
http://svn.apache.org/viewvc/velocity/engine/trunk/velocity-engine-core/src/main/java/org/apache/velocity/app/event/implement/EscapeHtmlReference.java?rev=1855144&r1=1855143&r2=1855144&view=diff
==============================================================================
---
velocity/engine/trunk/velocity-engine-core/src/main/java/org/apache/velocity/app/event/implement/EscapeHtmlReference.java
(original)
+++
velocity/engine/trunk/velocity-engine-core/src/main/java/org/apache/velocity/app/event/implement/EscapeHtmlReference.java
Sun Mar 10 11:54:57 2019
@@ -22,12 +22,15 @@ import org.apache.commons.lang3.StringEs
*/
/**
- * Escape all HTML entities.
+ * <p>Escape all HTML entities.</p>
+ * <p>Warning: escaping references this way, without knowing if they land
inside plain text, inside an attribute value or elsewhere, is not usable in
production.</p>
*
* @see <a
href="http://commons.apache.org/proper/commons-lang/javadocs/api-release/org/apache/commons/lang3/StringEscapeUtils.html#escapeHtml4%28java.lang.String%29">StringEscapeUtils</a>
* @author wglass
* @since 1.5
+ * @deprecated impractical use
*/
+@Deprecated
public class EscapeHtmlReference extends EscapeReference
{
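Review bot: The new `@deprecated impractical use` tag (repeated in the EscapeJavaScriptReference and EscapeXmlReference hunks) tells the reader neither why the class is deprecated nor what to do instead, which is the job of a deprecation tag. The warning paragraph above it already holds the reason, so the tag could carry it, e.g. `@deprecated escapes every reference without regard to its output context; escape each reference explicitly in the template for the context it lands in`. The phrase "not usable in production" would also read more accurately as "not safe to rely on in production", since the handler still runs and escapes output; it just cannot choose the right encoding for text, attribute or other contexts. The class body continues outside the hunk.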
Modified:
velocity/engine/trunk/velocity-engine-core/src/main/java/org/apache/velocity/app/event/implement/EscapeJavaScriptReference.java
URL:
http://svn.apache.org/viewvc/velocity/engine/trunk/velocity-engine-core/src/main/java/org/apache/velocity/app/event/implement/EscapeJavaScriptReference.java?rev=1855144&r1=1855143&r2=1855144&view=diff
==============================================================================
---
velocity/engine/trunk/velocity-engine-core/src/main/java/org/apache/velocity/app/event/implement/EscapeJavaScriptReference.java
(original)
+++
velocity/engine/trunk/velocity-engine-core/src/main/java/org/apache/velocity/app/event/implement/EscapeJavaScriptReference.java
Sun Mar 10 11:54:57 2019
@@ -22,12 +22,15 @@ import org.apache.commons.lang3.StringEs
*/
/**
- * Escapes the characters in a String to be suitable for use in JavaScript.
+ * <p>Escapes the characters in a String to be suitable for use in
JavaScript.</p>
+ * <p>Warning: escaping references this way, without knowing if they land
inside or outside Javascript simple-quoted or double-quoted strings, is not
usable in production.</p>
*
* @see <a
href="http://commons.apache.org/proper/commons-lang/javadocs/api-release/org/apache/commons/lang3/StringEscapeUtils.html#escapeEcmaScript%28java.lang.String%29">StringEscapeUtils</a>
* @author wglass
* @since 1.5
+ * @deprecated impractical use
*/
+@Deprecated
public class EscapeJavaScriptReference extends EscapeReference
{
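Review bot: Marking the class `@Deprecated` only produces a compile-time warning, so existing deployments would likely never see it. As far as I can tell, these handlers are normally enabled by class name in the engine configuration rather than referenced from Java code. If the goal is to move users off context-blind escaping, a one-time warning logged when the handler is initialised would reach them; that code would live in the class body or in EscapeReference, both outside this hunk. Separately, the added warning spells it `Javascript` while the sentence above it uses `JavaScript`.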
Modified:
velocity/engine/trunk/velocity-engine-core/src/main/java/org/apache/velocity/app/event/implement/EscapeXmlReference.java
URL:
http://svn.apache.org/viewvc/velocity/engine/trunk/velocity-engine-core/src/main/java/org/apache/velocity/app/event/implement/EscapeXmlReference.java?rev=1855144&r1=1855143&r2=1855144&view=diff
==============================================================================
---
velocity/engine/trunk/velocity-engine-core/src/main/java/org/apache/velocity/app/event/implement/EscapeXmlReference.java
(original)
+++
velocity/engine/trunk/velocity-engine-core/src/main/java/org/apache/velocity/app/event/implement/EscapeXmlReference.java
Sun Mar 10 11:54:57 2019
@@ -22,10 +22,13 @@ import org.apache.commons.lang3.StringEs
*/
/**
- * Escape all XML entities, suitable for placing the output inside an XML
(1.0) text node or attribute value.
+ * <p>Escape all XML entities, suitable for placing the output inside an XML
(1.0) text node or attribute value.</p>
+ * <p>Warning: escaping references this way, without knowing if they land
inside plain text, inside an attribute value or elsewhere, is not usable in
production.</p>
+ *
* @see <a
href="http://jakarta.apache.org/commons/lang/api/org/apache/commons/lang/StringEscapeUtils.html#escapeSql(java.lang.String)">StringEscapeUtils</a>
* @author wglass
* @since 1.5
+ * @deprecated impractical use
*/
public class EscapeXmlReference extends EscapeReference
{
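Review bot: This class gets the `@deprecated` Javadoc tag but not the `@Deprecated` annotation that the other two hunks add before the class declaration, so the three handlers are deprecated inconsistently. Add `@Deprecated` on the line before `public class EscapeXmlReference extends EscapeReference`. Without it, tools that look for the annotation rather than the Javadoc tag will not flag uses, and javac's `-Xlint:dep-ann` reports the mismatch. The unchanged `@see` link in this comment still points at `escapeSql` in the old Jakarta commons-lang docs, which looks stale for an XML escaper and could be corrected in the same pass.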