--- Joe Berkovitz <[EMAIL PROTECTED]> wrote:
> Hey folks,
>
> I note that in most of the plugins (my recent contribution included)
> there is no attempt to escape special characters inside Java string
> constants generated inside a Velocity template. For example, at
> plugin-beaninfo's BeanInfoPlugin.vm:307 we have this:
>
> parameterDescriptor.setShortDescription("${parameterTag.getNamedParameter("short-description")}");
>
> Now, the string being substituted here could include double quotes or
> newline characters. It's a textual description, not an identifier. If
> it does such characters, the generated code will be lexically bad and
> will not compile.

Well, this could be a problem but at least using double quotes in tag
parameter content would freak out qdox beyond any recognition - so it
will not make it to the java :) ( and newlines would be removed by
qdox, at least it used to be )

e:
>
> http://jakarta.apache.org/velocity/tools/generic/EscapeTool.html

There is even better ( but not yet released ) reference insertion
handler - no need to explicitly invoke this. I'm using this in my web
projects for data entered by users. ( HTML-Spoofer deserve properly
escaped text :) )

> If it was integrated with the XD2 dist, then invoking it would be as
> easy as this:
>
> parameterDescriptor.setShortDescription("${esc.java($parameterTag.getNamedParameter("short-description"))}");
>
> It also escapes for SQL, JavaScript, and so on -- very handy.
>
> I don't know enough about the non-plugin part of XD2 to have a clue how
> this would be integrated. Does this seem useful to the person who
> currently maintains that part of the world?

As said before, it can be useful in concrete cases. Though those cases
are seldom ( but I can imagine necessity to escape for xml or whatever )

regards,

----[ Konstantin Pribluda http://www.pribluda.de ]----------------
Still using XDoclet 1.x? XDoclet 2 is released and of production quality.
check it out: http://xdoclet.codehaus.org
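
The situation discussed in this thread, as an added example that is not part of the original messages or of XDoclet's code: it renders the quoted template line with and without escaping. `escapeJava` is a hypothetical plain-Java stand-in for what `$esc.java(...)` would do in the template, and the description value is constructed.

```java
public class JavaLiteralEscapeDemo {

    /** Escape text so it can sit between double quotes in generated Java source. */
    static String escapeJava(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '"':  out.append("\\\""); break; // would end the literal early
                case '\\': out.append("\\\\"); break; // would start a bogus escape
                case '\n': out.append("\\n");  break; // raw newline is illegal in a literal
                case '\r': out.append("\\r");  break;
                case '\t': out.append("\\t");  break;
                default:
                    if (c < 0x20 || c > 0x7e) {
                        // Remaining control and non-ASCII characters: 4-digit hex escape.
                        out.append(String.format("\\u%04x", (int) c));
                    } else {
                        out.append(c);
                    }
            }
        }
        return out.toString();
    }

    /** Mimics the template line: the description is spliced into a string literal. */
    static String render(String description, boolean escape) {
        String value = escape ? escapeJava(description) : description;
        return "parameterDescriptor.setShortDescription(\"" + value + "\");";
    }

    public static void main(String[] args) {
        // Constructed sample value for the short-description tag parameter.
        String description = "The \"primary\" key,\nused for lookups in C:\\data";

        // Unescaped: the embedded quote closes the literal and the newline splits
        // the statement, so the generated source does not compile.
        System.out.println("unescaped:\n" + render(description, false));

        // Escaped: one well-formed statement whose literal equals the description.
        System.out.println("escaped:\n" + render(description, true));
    }
}
```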