Colleagues, With a short burst of autumnal energy, I've just committed a substantial patch to the event handling system. It should be 100% backwards compatible - I encourage you to try it out. We've discussed significant parts of this before (e.g. new IncludeEventHandler for #include and #parse), but please send comments on any aspects of these enhancements.
In addition to updates to the event handler framework, this patch also includes useful event handler implementations. The most important of these are event handlers for reference escaping (HTML, XML, SQL, and JavaScript). Some might argue that escaping belongs in the tools project, but I consider this an important core feature for many of our users. It's worth noting that other templating approaches like JSP 2.0 and FreeMarker have HTML escaping as a language feature. With the latest source code you can set up the event handler in velocity.properties, then (optionally) limit the escape handler implementations with regular expressions. For example, to apply HTML escaping to all references put this line in velocity.properties. ***************************** eventhandler.referenceinsertion.class = org.apache.velocity.app.event.implement.EscapeHtmlReference ***************************** The following velocity.properties excerpts set up HTML escaping for all references and JavaScript escaping (backslash before quotes) for references starting with "js". ***************************** eventhandler.referenceinsertion.class = org.apache.velocity.app.event.implement.EscapeHtmlReference,org.apache.velocity.app.event.implement.EscapeJavaScriptReference eventhandler.escape.javascript.match = /js.*/ ***************************** The most import side effect of this patch is a new dependency on "commons-lang". While I'm loath to grow the jar files unnecessarily, there's a very nice utility class for doing HTML/XML/JavaScript/SQL escaping. Again, I'd welcome any thoughts. Best, WILL _______________________________________ Forio Business Simulations Will Glass-Husain [EMAIL PROTECTED] www.forio.com
