[jira] [Updated] (OFBIZ-7675) Investigate if we should turn Freemarker autoescaping on
[
https://issues.apache.org/jira/browse/OFBIZ-7675?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jacques Le Roux updated OFBIZ-7675:
---
Attachment: OFBIZ-7675-plugins.zip
> Investigate if we should turn Freemarker autoescaping on
>
>
> Key: OFBIZ-7675
> URL: https://issues.apache.org/jira/browse/OFBIZ-7675
> Project: OFBiz
> Issue Type: New Feature
> Components: framework
>Affects Versions: Trunk
>Reporter: Jacques Le Roux
>Assignee: Jacques Le Roux
>Priority: Minor
> Attachments: OFBIZ-7675-framework.patch, OFBIZ-7675-plugins.patch,
> OFBIZ-7675-plugins.zip, OFBIZ-7675.patch
>
>
> At OFBIZ-7041 [~f...@14x.net] suggested that we turn Freemarker autoescaping
> on. Quoting him there:
> {quote}
> This new version of FreeMarker includes auto-escaping and output formats. The
> <#escape> directive has been deprecated. Notice the comment at the very end
> of this page:
> "FreeMarker automatically escapes all values printed ... if it's properly
> configured (that's the responsibility of the programmers; [see here
> how|http://freemarker.org/docs/pgui_config_outputformatsautoesc.html])."
> Would be good to turn autoescaping on, and set the configuration to match
> .ftl as HTML and .fo.ftl as XML.
> {quote}
> [~pfm.smits] asked
> {quote}
> If we are going down that path I guess we have to visit a lot of Freemarker
> template files, right?
> {quote}
> Here is my answer
> {quote}
> We don' t use any <#escape> directives in all OFBiz. We have a couple of
> <#noescape> which should be replaced by <#noautoesc>. So I agree we could set
> the Freemarker environement to auto-escaping, and test if it has not
> unexpected side-effects.
> Could be that this will fix or complicate the issue I crossed (at bottom) of
> OFBIZ-7041 and more recently at OFBIZ-7343, let's see...
> {quote}
> Reply
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (OFBIZ-7675) Investigate if we should turn Freemarker autoescaping on
[
https://issues.apache.org/jira/browse/OFBIZ-7675?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jacques Le Roux updated OFBIZ-7675:
---
Attachment: OFBIZ-7675-framework.patch
> Investigate if we should turn Freemarker autoescaping on
>
>
> Key: OFBIZ-7675
> URL: https://issues.apache.org/jira/browse/OFBIZ-7675
> Project: OFBiz
> Issue Type: New Feature
> Components: framework
>Affects Versions: Trunk
>Reporter: Jacques Le Roux
>Assignee: Jacques Le Roux
>Priority: Minor
> Attachments: OFBIZ-7675-framework.patch, OFBIZ-7675-plugins.patch,
> OFBIZ-7675.patch
>
>
> At OFBIZ-7041 [~f...@14x.net] suggested that we turn Freemarker autoescaping
> on. Quoting him there:
> {quote}
> This new version of FreeMarker includes auto-escaping and output formats. The
> <#escape> directive has been deprecated. Notice the comment at the very end
> of this page:
> "FreeMarker automatically escapes all values printed ... if it's properly
> configured (that's the responsibility of the programmers; [see here
> how|http://freemarker.org/docs/pgui_config_outputformatsautoesc.html])."
> Would be good to turn autoescaping on, and set the configuration to match
> .ftl as HTML and .fo.ftl as XML.
> {quote}
> [~pfm.smits] asked
> {quote}
> If we are going down that path I guess we have to visit a lot of Freemarker
> template files, right?
> {quote}
> Here is my answer
> {quote}
> We don' t use any <#escape> directives in all OFBiz. We have a couple of
> <#noescape> which should be replaced by <#noautoesc>. So I agree we could set
> the Freemarker environement to auto-escaping, and test if it has not
> unexpected side-effects.
> Could be that this will fix or complicate the issue I crossed (at bottom) of
> OFBIZ-7041 and more recently at OFBIZ-7343, let's see...
> {quote}
> Reply
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (OFBIZ-7675) Investigate if we should turn Freemarker autoescaping on
[
https://issues.apache.org/jira/browse/OFBIZ-7675?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Deepak Dixit updated OFBIZ-7675:
Fix Version/s: (was: 17.12.01)
> Investigate if we should turn Freemarker autoescaping on
>
>
> Key: OFBIZ-7675
> URL: https://issues.apache.org/jira/browse/OFBIZ-7675
> Project: OFBiz
> Issue Type: New Feature
> Components: framework
>Affects Versions: Trunk
>Reporter: Jacques Le Roux
>Assignee: Deepak Dixit
>Priority: Minor
> Attachments: OFBIZ-7675-plugins.patch, OFBIZ-7675.patch
>
>
> At OFBIZ-7041 [~f...@14x.net] suggested that we turn Freemarker autoescaping
> on. Quoting him there:
> {quote}
> This new version of FreeMarker includes auto-escaping and output formats. The
> <#escape> directive has been deprecated. Notice the comment at the very end
> of this page:
> "FreeMarker automatically escapes all values printed ... if it's properly
> configured (that's the responsibility of the programmers; [see here
> how|http://freemarker.org/docs/pgui_config_outputformatsautoesc.html])."
> Would be good to turn autoescaping on, and set the configuration to match
> .ftl as HTML and .fo.ftl as XML.
> {quote}
> [~pfm.smits] asked
> {quote}
> If we are going down that path I guess we have to visit a lot of Freemarker
> template files, right?
> {quote}
> Here is my answer
> {quote}
> We don' t use any <#escape> directives in all OFBiz. We have a couple of
> <#noescape> which should be replaced by <#noautoesc>. So I agree we could set
> the Freemarker environement to auto-escaping, and test if it has not
> unexpected side-effects.
> Could be that this will fix or complicate the issue I crossed (at bottom) of
> OFBIZ-7041 and more recently at OFBIZ-7343, let's see...
> {quote}
> Reply
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Updated] (OFBIZ-7675) Investigate if we should turn Freemarker autoescaping on
[
https://issues.apache.org/jira/browse/OFBIZ-7675?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Deepak Dixit updated OFBIZ-7675:
Attachment: OFBIZ-7675.patch
OFBIZ-7675-plugins.patch
> Investigate if we should turn Freemarker autoescaping on
>
>
> Key: OFBIZ-7675
> URL: https://issues.apache.org/jira/browse/OFBIZ-7675
> Project: OFBiz
> Issue Type: New Feature
> Components: framework
>Affects Versions: Trunk
>Reporter: Jacques Le Roux
>Assignee: Deepak Dixit
>Priority: Minor
> Fix For: 17.12.01
>
> Attachments: OFBIZ-7675-plugins.patch, OFBIZ-7675.patch
>
>
> At OFBIZ-7041 [~f...@14x.net] suggested that we turn Freemarker autoescaping
> on. Quoting him there:
> {quote}
> This new version of FreeMarker includes auto-escaping and output formats. The
> <#escape> directive has been deprecated. Notice the comment at the very end
> of this page:
> "FreeMarker automatically escapes all values printed ... if it's properly
> configured (that's the responsibility of the programmers; [see here
> how|http://freemarker.org/docs/pgui_config_outputformatsautoesc.html])."
> Would be good to turn autoescaping on, and set the configuration to match
> .ftl as HTML and .fo.ftl as XML.
> {quote}
> [~pfm.smits] asked
> {quote}
> If we are going down that path I guess we have to visit a lot of Freemarker
> template files, right?
> {quote}
> Here is my answer
> {quote}
> We don' t use any <#escape> directives in all OFBiz. We have a couple of
> <#noescape> which should be replaced by <#noautoesc>. So I agree we could set
> the Freemarker environement to auto-escaping, and test if it has not
> unexpected side-effects.
> Could be that this will fix or complicate the issue I crossed (at bottom) of
> OFBIZ-7041 and more recently at OFBIZ-7343, let's see...
> {quote}
> Reply
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
