Hi Christoph,
Thanx your ideas. My problem with solutions #1 and #2 is that both of them
require you to remember to do something in the template. I've learned the
*very hard* way about this.
If you for example forget to call the #xenc macro or you call $sometext
instead of $xenc.sometext (even just once) your app will happily go on
working until the day (or late at night) that your client enters "bacon &
eggs" - bummer! The "&" hits you where it hurts :-(
I will look deeper into solution #3, because I feel I'm missing something
here. If the context does not return a string, but another object
(typically a Turbine Peer object or Pull object) how will this object's
methods be intercepted? For example I have a template that contains:
<text>$workspace.Name</text>
AFAIK the context only knows about the first level object.
Thank you again for your replay - I'm still looking for the killer solution,
though.
~ Leon
> Leon Messerschmidt wrote:
> > Only inserted values should be scanned for entities. A template like
this:
> >
> > #set ($sometext=" < ")
> > <text>$sometext</text>
> >
> > needs to be rendered like this:
> >
> > <text><</text>
> >
> > The only point where I can determine whether I need to replace entities
is
> > at "render time".
>
> Not really. The only place to find out what to escape is in the template
> where it is being generated. Therefore use a velocimacro, see below.
>
> Jose Alberto Fernandez wrote:
> > I asked for this same type of functionality from the first time I tried
to
> > use and for my XML stuff. Writing $tools.escapeEntities($sometext) on
every
> > substitution in the template makes the template unreadable.
>
> Why not use:
>
> #macro( xenc $sometext )$tools.escapeEntities($sometext)#end
>
> and use it as:
>
> #set( $sometext = " < " )
> <text>#xenc($sometext)</text>
>
>
> Another trick would be to create an encoding utility that takes the
> context as a constructor parameter and only implements a method:
> public String get(String key)
> {
> Object obj = context.get(key)
> return (obj != null) ? Escape.getText( obj.toString() ) : "";
> }
> Put it into the context under "xenc". Then you can do:
>
> <text>$xenc.sometext</text>
>
>
> Alternatively you can implement your own context which always
> applies the encoding to any string returned. This would be the
> NonPlusUltraXmlContext. Be carefull to avoid rendering the
> output of method calls directly (which could return objects or
> strings wich might need encoding), place them first into the
> context with a #set() directive and the use that:
>
> #set( $sometext = $jdomElement.getText() )
> <text>$sometext</text>
>
>
> Hope this helps (let me know),
> :) Christoph
