Dynamic VTL reference modification directive
--------------------------------------------
Key: VELOCITY-705
URL: https://issues.apache.org/jira/browse/VELOCITY-705
Project: Velocity
Issue Type: New Feature
Components: Engine
Reporter: Jarkko Viinamäki
Currently EventHandlers are defined in velocity.properties like:
eventhandler.referenceinsertion.class =
The problem is that AFAIK this handler is active in every reference evaluation
(and every template). I propose a dynamic setting that can be chained and
turned on and off during template rendering.
Syntax might be something like:
#filter($myReferenceModifier)
any VTL here ($foo type references are modified using the class referred by
$myReferenceModifier)
#end
The basic idea is that you put some classes that implement e.g.
ReferenceInsertionEventHandler interface to the Context and then you can use
those to filter/modify some selected parts of the template. #filter directive
should allow nesting (one #filter directive contain another #filter directive).
It's probably also necessary to disable filtering for selected elements inside
the filter block.
It might be also useful to be able to limit the amount of reference names that
are passed to the filter. Like:
#filter($myReferenceModifier ['a', 'foo', 'html'])
----
Use Case for this feature is that often you need to escape form values and
other elements to avoid XSS attacks etc. Escaping all references in all
templates seems like an overkill (and isn't very performance friendly either).
This feature would allow you to do escaping dynamically only for selected
elements.
What do you think?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
