[
https://issues.apache.org/jira/browse/VELOCITY-705?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12677776#action_12677776
]
Nathan Bubna commented on VELOCITY-705:
---------------------------------------
These ideas sound pretty good so far. It would be great to something more
user-friendly and focused/focusable than EventHandlers, which i've never been
thrilled with and didn't even use before Will's big upgrade to them in 1.5.
The writeReference(String) addition is nice, but i'd love to have filters for
#filter be able to get ahold of references before toString() (or
render(context, writer) is called on them. For instance, a filter that
formatted number references would have to parse the string back to a number
before formatting back into the desired string form. This probably can't be
done at the writer level.
> Dynamic VTL reference modification directive
> --------------------------------------------
>
> Key: VELOCITY-705
> URL: https://issues.apache.org/jira/browse/VELOCITY-705
> Project: Velocity
> Issue Type: New Feature
> Components: Engine
> Reporter: Jarkko Viinamäki
>
> Currently EventHandlers are defined in velocity.properties like:
> eventhandler.referenceinsertion.class =
> The problem is that AFAIK this handler is active in every reference
> evaluation (and every template). I propose a dynamic setting that can be
> chained and turned on and off during template rendering.
> Syntax might be something like:
> #filter($myReferenceModifier)
> any VTL here ($foo type references are modified using the class referred by
> $myReferenceModifier)
> #end
> The basic idea is that you put some classes that implement e.g.
> ReferenceInsertionEventHandler interface to the Context and then you can use
> those to filter/modify some selected parts of the template. #filter directive
> should allow nesting (one #filter directive contain another #filter
> directive).
> It's probably also necessary to disable filtering for selected elements
> inside the filter block.
> It might be also useful to be able to limit the amount of reference names
> that are passed to the filter. Like:
> #filter($myReferenceModifier ['a', 'foo', 'html'])
> ----
> Use Case for this feature is that often you need to escape form values and
> other elements to avoid XSS attacks etc. Escaping all references in all
> templates seems like an overkill (and isn't very performance friendly
> either). This feature would allow you to do escaping dynamically only for
> selected elements.
> What do you think?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
