Vinodtr, vinodtr wrote:
I am now using Apache Velocity 1.4 in my project. I would like to incorporate the escaping HTML feature in my project without bringing in Velocity 1.5. I could find that there is a tool called EscapeTool to achieve it. But to do that, i need to change all my velocity templates to encloseall fields inside $esc.html($form.bean.XXXX).
This is the best way to achieve HTML escaping. If you'd like, you can write a short macro like this:
#macro(htmlEscape $text)#if($text)$esc.html($text)#end#endThis will allow you to change the implementation more easily in the future if you wish.
I would like to if there is any way to achieve HTML escaping as a whole with velocity 1.4 itself.
The only way to do this would be to override the implementation of Velocity's "toString" behavior when writing variable values to an output stream.
You wouldn't want to do this globally, though, because some values should not be HTML escaped.
I think your best bet is to escape them individually as you have demonstrated above. Yes, it's a lot of work, but that tends to be the case when you want to go back and add something like this. That's the penalty for not planning ahead.
-chris
signature.asc
Description: OpenPGP digital signature
