On 7/15/02 4:00 PM, "Ed Yu" <[EMAIL PROTECTED]> wrote: > Yep, now that I think more (I wasn't thinking since I'm having too much > fun putting together my new computer at work), filtering really belongs > to the view (MVC). >
In this case, I think Jon is right here. The quibbling about MVC purity doesn't matter. In his case, his solution works well, so I'd try it. > On the other hand what Jon suggested seem to be a really convenient > place to set the filtering behavior. I was wondering if there is a way > to configure the event cartridge to fire or not within the > velocity.properties file in the future release. Well, no, as that would mean that the view could turn off what the controller does. It might be something you put into your app, which controls which pages get an event cartridge. Geir > > -----Original Message----- > From: Geir Magnusson Jr. [mailto:[EMAIL PROTECTED]] > Sent: Monday, July 15, 2002 3:33 PM > To: Velocity Developer's List > Subject: Re: HTML escape sequence filtering (is there a tool for that?) > > > On 7/15/02 3:30 PM, "Geir Magnusson Jr." <[EMAIL PROTECTED]> wrote: > >> On 7/15/02 1:38 PM, "Jon Scott Stevens" <[EMAIL PROTECTED]> wrote: >> >>> on 7/15/02 6:43 AM, "Ed Yu" <[EMAIL PROTECTED]> wrote: >>> >>>> I'm looking into JSP migration to Velocity. There is one feature > that >>>> the <bean:write ... filter="true"> tag offer, the ability to filer >>>> special html characters (<, >, &, etc...). Currently is there a > "tool" >>>> to perform such filtering? >>> >>> Even better than Geir's suggestion (which is terribly not MVC >> >> I'll beg to differ. I think that this is just fine MVC as this is a > view >> issue - if the data is to be XML encoded vs URL encoded vs translated > to >> spanish vs translated to Klingon vs... That, to me, is a view thing. >> Otherwise you have to teach your model about presentation. >> > > Just to be clear - re-reading this, in the case of language, I am unsure > about if the translation should be here or elsehwere - it probably > belongs > elsehwere, as that's data. > > > However, I still think that this kind of view-specific encoding (the > XML) is > just fine here.... > >>> and prone to >>> mistakes...what if you forget to filter some user supplied data? You > then >>> have a cross site scripting hole) >> >> This I agree with 100% :) >> >>> ...is to write a ReferenceInsertionFilter >>> to do what you want... >>> >>> > <http://scarab.tigris.org/source/browse/scarab/src/java/org/tigris/scara > b/ut >>> > il/ReferenceInsertionFilter.java?rev=1.11&content-type=text/x-cvsweb-mar > kup> >>> >> >> And yes, for the non-lazy that want to do it right, this is great. -- Geir Magnusson Jr. Research & Development, Adeptra Inc. [EMAIL PROTECTED] +1-203-247-1713 -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
