On 7/15/02 3:30 PM, "Geir Magnusson Jr." <[EMAIL PROTECTED]> wrote:
> On 7/15/02 1:38 PM, "Jon Scott Stevens" <[EMAIL PROTECTED]> wrote: > >> on 7/15/02 6:43 AM, "Ed Yu" <[EMAIL PROTECTED]> wrote: >> >>> I'm looking into JSP migration to Velocity. There is one feature that >>> the <bean:write ... filter="true"> tag offer, the ability to filer >>> special html characters (<, >, &, etc...). Currently is there a "tool" >>> to perform such filtering? >> >> Even better than Geir's suggestion (which is terribly not MVC > > I'll beg to differ. I think that this is just fine MVC as this is a view > issue - if the data is to be XML encoded vs URL encoded vs translated to > spanish vs translated to Klingon vs... That, to me, is a view thing. > Otherwise you have to teach your model about presentation. > Just to be clear - re-reading this, in the case of language, I am unsure about if the translation should be here or elsehwere - it probably belongs elsehwere, as that's data. However, I still think that this kind of view-specific encoding (the XML) is just fine here.... >> and prone to >> mistakes...what if you forget to filter some user supplied data? You then >> have a cross site scripting hole) > > This I agree with 100% :) > >> ...is to write a ReferenceInsertionFilter >> to do what you want... >> >> <http://scarab.tigris.org/source/browse/scarab/src/java/org/tigris/scarab/ut >> il/ReferenceInsertionFilter.java?rev=1.11&content-type=text/x-cvsweb-markup> >> > > And yes, for the non-lazy that want to do it right, this is great. -- Geir Magnusson Jr. Research & Development, Adeptra Inc. [EMAIL PROTECTED] +1-203-247-1713 -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
