On Sun, Jun 13, 2010 at 11:51, Caleb James DeLisle
<[email protected]> wrote:
> Right now $escapetool is included via velocity configuration.
> I don't see any reason why we couldn't change to a VelocityContextInitializer
> which adds an extension of escapetool which has:
> $escapetool.xwiki1(String)
> $escapetool.xwiki2(String)
>
> Although it would be cleaner I'm resistant to:
> $escapetool.xwiki.syntax20(String)
> or the like because vulnerability is easier than security so we should
> make security as easy (to type) as possible.
>
> I'm not sure when I'll have time to do this but I don't think it'd take more
> than a few hours.
>
> WDYT?
$escapetool.xwiki2(String) is pretty easy to do but
$escapetool.xwiki1(String) is almost impossible (which is one of the
many reason for having the new rendering system and syntax)
But here is my +1 for the general principal.
We would also have
$escapetool.syntax(String content, Syntax syntaxId)
that would support any provided syntax that implements a proper
Renderer. $escapetool.xwiki2(String) could still be a shortcut for the
same thing since as you said it should be as easy as possible to call
it.
>
> Caleb
>
> Marius Dumitru Florea wrote:
>> On 06/13/2010 11:43 AM, Marius Dumitru Florea wrote:
>>> On 06/12/2010 04:26 PM, Ivan Levashew wrote:
>>>> Hello!
>>>>
>>>> Yet another problem I'm encountering is lack of
>>>> proper escaping tools. I have noticed it when I
>>>> decided to use [ and ] in page titles.
>>>> «My Recent Modifications» became broken because
>>>> XWiki parsed [ and ]. Currently I have added
>>>> {pre} and {/pre} at both ends, but it is just a
>>>> krunch. What is the proper way? I have checked
>>>> $escapetool and $xwiki.get*Encoded APIs. There is
>>>> no common API to escape [, ], =, {, etc.
>>
>>> You haven't checked
>>> http://platform.xwiki.org/xwiki/bin/view/Main/XWikiSyntax#HEscapes ;)
>>
>> This doesn't fix your problem. What about
>> http://platform.xwiki.org/xwiki/bin/download/DevGuide/API/xwiki-core-2.3.1-javadoc.jar/com/xpn/xwiki/api/Util.html#escapeText%28java.lang.String%29
>> ?
>>
>>> Hope this helps,
>>> Marius
>>>
>>>>
>>>> _______________________________________________
>>>> users mailing list
>>>> [email protected]
>>>> http://lists.xwiki.org/mailman/listinfo/users
>>> _______________________________________________
>>> users mailing list
>>> [email protected]
>>> http://lists.xwiki.org/mailman/listinfo/users
>> _______________________________________________
>> users mailing list
>> [email protected]
>> http://lists.xwiki.org/mailman/listinfo/users
>
> _______________________________________________
> users mailing list
> [email protected]
> http://lists.xwiki.org/mailman/listinfo/users
>
--
Thomas Mortagne
_______________________________________________
users mailing list
[email protected]
http://lists.xwiki.org/mailman/listinfo/users
