Hello, the patch that is attached makes it possible to use logical negation in the eventhandler.escape.html.match pattern by prepending an exclamation mark, for example:
ve.setProperty("eventhandler.escape.html.match", "!/__nhe$/");
I was missing this feature because it's safer to always html-escape
everything, except for a few specific variables, which can now
conveniently be marked by including a special pattern in their
name.
The patch adds only a few lines to app/event/EscapeReference.java.
--
Tomas Styblo <[EMAIL PROTECTED]>
diff -purN
velocity-1.6.orig/src/java/org/apache/velocity/app/event/implement/EscapeReference.java
velocity-1.6-new/src/java/org/apache/velocity/app/event/implement/EscapeReference.java
---
velocity-1.6.orig/src/java/org/apache/velocity/app/event/implement/EscapeReference.java
2008-11-25 00:59:19.000000000 +0100
+++
velocity-1.6-new/src/java/org/apache/velocity/app/event/implement/EscapeReference.java
2008-12-03 21:51:58.000000000 +0100
@@ -63,6 +63,7 @@ public abstract class EscapeReference im
private RuntimeServices rs;
private String matchRegExp = null;
+ private boolean isMatchNegation = false;
/**
* Escape the given text. Override this in a subclass to do the actual
@@ -102,7 +103,12 @@ public abstract class EscapeReference im
return escape(value);
}
- else if (perl.match(matchRegExp,reference))
+ else if (!isMatchNegation && perl.match(matchRegExp,reference))
+ {
+ return escape(value);
+ }
+
+ else if (isMatchNegation && !perl.match(matchRegExp,reference))
{
return escape(value);
}
@@ -136,6 +142,16 @@ public abstract class EscapeReference im
*/
if (matchRegExp != null)
{
+ if (matchRegExp.charAt(0) == '!')
+ {
+ isMatchNegation = true;
+ matchRegExp = matchRegExp.substring(1);
+ }
+ else
+ {
+ isMatchNegation = false;
+ }
+
try
{
perl.match(matchRegExp,"");
pgpRv3SPnELRh.pgp
Description: PGP signature
