Hello, 

I used to define `<#ftl output_format="XML">` on top of ftl files for
this purpose.

But having this on file extension looks nice to me.

Thanks Jacques for the heads-up.

Gil

On Wed, Sep 08, 2021 at 02:59:27PM +0200, Jacques Le Roux wrote:
> Hi,
> 
> Long ago we opened https://issues.apache.org/jira/browse/OFBIZ-7675 for that
> 
> A few days ago Dániel Dékány (VP and main contributor to the Apache Freemarker
> project) wrote at FREEMARKER-189 (https://s.apache.org/fitxs):
> 
>    <<I strongly recommend using HTML auto-escaping instead of ?html (see in
>    the Manual). [...] Then people can't accidentally forget adding them....>>
> 
> I was reluctant to use all auto-escaping features. But I believe we should
> follow Forrest Rae
> <https://issues.apache.org/jira/secure/ViewProfile.jspa?name=fbr%4014x.net>'s
> suggestion at OFBIZ-7041 <https://issues.apache.org/jira/browse/OFBIZ-7041>
> that we turn Freemarker autoescaping on. Quoting him there:
> 
>    <<This new version of FreeMarker includes auto-escaping and output
>    formats. The <#escape> directive has been deprecated. Notice the comment
>    at the very end of this page:
>    "FreeMarker automatically escapes all values printed ... if it's properly
>    configured (that's the responsibility of the programmers; see here how
>    <http://freemarker.org/docs/pgui_config_outputformatsautoesc.html>)."
>    Would be good to turn autoescaping on, and set the configuration to match
>    .ftl as HTML and .fo.ftl as XML.>>
> 
> I mean the last part of Forrest Rae
> <https://issues.apache.org/jira/secure/ViewProfile.jspa?name=fbr%4014x.net>'s
> proposition, i.e.:
> 
> 1. remove all "?html" expressions and rename all nameIt.ftl files to
>    nameIt.ftlh
> 2. remove all <#escape x as x?xml> ... </#escape> couples and rename all
>    nameIt.fo.ftl files to nameIt.fo.ftlx
> 
> I think these changes are safe (to be tested of course).
> 
> What do you think?
> 
> Thanks
> 
> Jacques
> 
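
How extension-based auto-escaping behaves once templates are renamed as proposed in the thread, shown as an added example (not code from the thread or from OFBiz). The class name, template names and data model are constructed for illustration; only the FreeMarker jar (2.3.24 or later) is assumed on the classpath.

```java
import freemarker.cache.StringTemplateLoader;
import freemarker.template.Configuration;
import freemarker.template.Template;

import java.io.StringWriter;
import java.util.List;
import java.util.Map;

public class AutoEscapeByExtension {
    public static void main(String[] args) throws Exception {
        Configuration cfg = new Configuration(Configuration.VERSION_2_3_31);
        // Already the default when incompatibleImprovements >= 2.3.24;
        // set explicitly so the dependency on file extensions is visible.
        cfg.setRecognizeStandardFileExtensions(true);

        // Constructed in-memory templates: same body, different extensions.
        String body = "<p>${comment}</p>";
        StringTemplateLoader loader = new StringTemplateLoader();
        loader.putTemplate("legacy.ftl", body);      // no output format: printed raw
        loader.putTemplate("page.ftlh", body);       // HTML output format, auto-escaped
        loader.putTemplate("report.fo.ftlx", body);  // XML output format, auto-escaped
        // Explicit, greppable opt-out for markup that is meant to be emitted as-is.
        loader.putTemplate("trusted.ftlh", "<p>${comment?no_esc}</p>");
        cfg.setTemplateLoader(loader);

        // Constructed value containing markup-significant characters.
        Map<String, Object> model = Map.of("comment", "<b>Tom & \"Jerry\"</b>");

        for (String name : List.of("legacy.ftl", "page.ftlh",
                                   "report.fo.ftlx", "trusted.ftlh")) {
            Template template = cfg.getTemplate(name);
            StringWriter out = new StringWriter();
            template.process(model, out);
            // Print the output format FreeMarker picked next to the rendered result.
            System.out.printf("%-15s %-10s %s%n",
                    name, template.getOutputFormat().getName(), out);
        }
    }
}
```

With auto-escaping active, FreeMarker rejects `?html` at parse time to prevent double escaping, which is why renaming a file to `.ftlh` and removing its `?html` expressions have to happen together.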
