Right now $escapetool is included via Velocity configuration.
I don't see any reason why we couldn't change to a VelocityContextInitializer
which adds an extension of escapetool which has:
$escapetool.xwiki1(String)
$escapetool.xwiki2(String)

Although it would be cleaner, I'm resistant to:
$escapetool.xwiki.syntax20(String)
or the like, because vulnerability is easier than security, so we should
make security as easy (to type) as possible.

I'm not sure when I'll have time to do this but I don't think it'd take more
than a few hours.

WDYT?

Caleb

Marius Dumitru Florea wrote:
> On 06/13/2010 11:43 AM, Marius Dumitru Florea wrote:
>> On 06/12/2010 04:26 PM, Ivan Levashew wrote:
>>> Hello!
>>>
>>> Yet another problem I'm encountering is lack of
>>> proper escaping tools. I have noticed it when I
>>> decided to use [ and ] in page titles.
>>> «My Recent Modifications» became broken because
>>> XWiki parsed [ and ]. Currently I have added
>>> {pre} and {/pre} at both ends, but it is just a
>>> krunch. What is the proper way? I have checked
>>> $escapetool and $xwiki.get*Encoded APIs. There is
>>> no common API to escape [, ], =, {, etc.
> 
>> You haven't checked
>> http://platform.xwiki.org/xwiki/bin/view/Main/XWikiSyntax#HEscapes ;)
> 
> This doesn't fix your problem. What about 
> http://platform.xwiki.org/xwiki/bin/download/DevGuide/API/xwiki-core-2.3.1-javadoc.jar/com/xpn/xwiki/api/Util.html#escapeText%28java.lang.String%29
>  
> ?
> 
>> Hope this helps,
>> Marius
>>
>>>
>>> _______________________________________________
>>> users mailing list
>>> [email protected]
>>> http://lists.xwiki.org/mailman/listinfo/users


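A sketch of what the proposed `$escapetool.xwiki2(String)` could do, as an added example that is not code from this thread or from the XWiki project. It assumes `~` is the XWiki Syntax 2.0 escape character and covers only the 2.0 case; the class name `WikiEscapeSketch` and the sample titles are hypothetical.

```java
// Added example: the class and method names are hypothetical, not XWiki's API.
public class WikiEscapeSketch {

    /**
     * Escape text for literal use in XWiki Syntax 2.0 (assumed escape
     * character: '~'). Every code point that is not a letter, a digit or
     * whitespace is prefixed with '~', so '~' itself becomes "~~".
     * Escaping by exclusion means new markup characters are covered
     * without maintaining a list of "dangerous" ones.
     */
    public static String xwiki2(String text) {
        if (text == null) {
            return null;
        }
        StringBuilder out = new StringBuilder(text.length() * 2);
        for (int i = 0; i < text.length(); ) {
            int cp = text.codePointAt(i);
            if (!Character.isLetterOrDigit(cp) && !Character.isWhitespace(cp)) {
                out.append('~');
            }
            out.appendCodePoint(cp);
            i += Character.charCount(cp);
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample page titles containing markup characters.
        String[] titles = {
            "Notes [draft]",
            "a = b",
            "{{html}}x{{/html}}",
            "50% ~ done"
        };
        for (String title : titles) {
            // Left column: what a template emits today (parsed as markup).
            // Right column: the same list item with the title escaped.
            System.out.println("* " + title + "   ->   * " + xwiki2(title));
        }
    }
}
```

Exposed to Velocity as a context tool, a template would call it at each point where user-controlled text such as a page title is written into wiki markup.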