Yep, now that I think more (I wasn't thinking since I'm having too much
fun putting together my new computer at work), filtering really belongs
to the view (MVC).

On the other hand what Jon suggested seems to be a really convenient
place to set the filtering behavior. I was wondering if there is a way
to configure the event cartridge to fire or not within the
velocity.properties file in the future release.

-----Original Message-----
From: Geir Magnusson Jr. [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 15, 2002 3:33 PM
To: Velocity Developer's List
Subject: Re: HTML escape sequence filtering (is there a tool for that?)


On 7/15/02 3:30 PM, "Geir Magnusson Jr." <[EMAIL PROTECTED]> wrote:

> On 7/15/02 1:38 PM, "Jon Scott Stevens" <[EMAIL PROTECTED]> wrote:
> 
>> on 7/15/02 6:43 AM, "Ed Yu" <[EMAIL PROTECTED]> wrote:
>> 
>>> I'm looking into JSP migration to Velocity. There is one feature that
>>> the <bean:write ... filter="true"> tag offers, the ability to filter
>>> special html characters (<, >, &, etc...). Currently is there a "tool"
>>> to perform such filtering?
>> 
>> Even better than Geir's suggestion (which is terribly not MVC
> 
> I'll beg to differ.  I think that this is just fine MVC as this is a view
> issue - if the data is to be XML encoded vs URL encoded vs translated to
> Spanish vs translated to Klingon vs... That, to me, is a view thing.
> Otherwise you have to teach your model about presentation.
> 

Just to be clear - re-reading this, in the case of language, I am unsure
about if the translation should be here or elsewhere - it probably belongs
elsewhere, as that's data.


However, I still think that this kind of view-specific encoding (the XML) is
just fine here....

>> and prone to
>> mistakes...what if you forget to filter some user supplied data? You then
>> have a cross site scripting hole)
> 
> This I agree with 100% :)
> 
>> ...is to write a ReferenceInsertionFilter
>> to do what you want...
>> 
>> <http://scarab.tigris.org/source/browse/scarab/src/java/org/tigris/scarab/util/ReferenceInsertionFilter.java?rev=1.11&content-type=text/x-cvsweb-markup>
>> 
> 
> And yes, for the non-lazy that want to do it right, this is great.

-- 
Geir Magnusson Jr. 
Research & Development, Adeptra Inc.
[EMAIL PROTECTED]
+1-203-247-1713



--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>

