Another useful capability the filter mechanism could implement is escaping of HTML characters to prevent cross-site scripting vulnerabilities. I think Daniel Dekany suggested this.
http://nagoya.apache.org/eyebrowse/[EMAIL PROTECTED]&msgId=724515
I am sure there are loads of use cases for a feature like this. So let's see what other developers / users and Geir think.
Peter
----- Original Message ----- From: "Peter Romianowski" <[EMAIL PROTECTED]>
To: "Velocity Developers List" <[EMAIL PROTECTED]>
Sent: Monday, June 23, 2003 3:38 AM
Subject: Proposal: Filters
Hi all,
I'd like to propose some kind of filter-mechanism. I did that before, but I think I should do it in an offical way again ;)
The proposal is to include some kind of post-processing filter which alters the generated content. First an example of the possible VTL:
#filter (name [arguments]) #end
Let's take the example of a very anticipated feature (by many users in many different ways): Whitespace-Gobbling. The VTL could look like this:
#filter (whitespace) Hi there ! #end
and would render as: [Hi there !]
Another example would be a Null-Output-Filter which simply suppresses all the output (useful when you have several #set and #if directives):
#filter (null) #set ($a = 1) #if ($a == 1) This will not be written to the output! #end #end
This will render as: []
Many other usecases come into my mind and I think such a filter mechanism would increase the power of velocity dramatically without "sacrificing" the purism.
Configuration:
The filter would be configured in the velocity.properties file like:
filter = null, whitespace
filter.null.class = o.a.v.runtime.filter.NullFilter filter.null.property = additional properties are defined this way filter.whitespace.class = o.a.v.runtime.filter.WhitespaceFilter filter.whitespace.property = additional properties are defined this way
Whereas I think that the Whitespace- and the Nullfilter should be
available
by default (along with others?).
As an additional benefit this proposal of using filters would end
discussions
on things like Whitespace-Gobbling and stuff since you can plug in filters as you like. And a new slogan could be introduced by the hardcore-MVC-purist-Velguys besides "Use a Tool(tm)" - "Use a Filter(tm)"
;)
If there is interest I'd like to publish an implementation proposal for
this.
But the discussion first.
BTW: Geir, do you have a timeline of releases and features / stuff in it?
IIRC
the 1.4dev will go out quite soon and then the 1.4 release (the last w/o
Map
and Numbersupport). After that we will go for all the new stuff, right? If
you
have some kind of plan - please share it with us.
Regards, Peter
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
