14 Jun
2010
14 Jun
'10
11:33 a.m.
Thomas Mortagne wrote:
On Sun, Jun 13, 2010 at 11:51, Caleb James DeLisle
<calebdelisle(a)lavabit.com> wrote:
I imagined it would be like: "{{{" + string.replaceAll("}}}",
"~}~}~}") + "}}}"
Right now $escapetool is included via velocity
configuration.
I don't see any reason why we couldn't change to a VelocityContextInitializer
which adds an extension of escapetool which has:
$escapetool.xwiki1(String)
$escapetool.xwiki2(String)
Although it would be cleaner I'm resistant to:
$escapetool.xwiki.syntax20(String)
or the like because vulnerability is easier than security so we should
make security as easy (to type) as possible.
I'm not sure when I'll have time to do this but I don't think it'd take
more
than a few hours.
WDYT?
$escapetool.xwiki2(String) is pretty easy to do but $escapetool.xwiki1(String) is almost impossible (which
is one of the
many reason for having the new rendering system and syntax)
Hmm, how about xml escaping any character which is used in syntax1.0 formatting?
But here is my +1 for the general principal.
We would also have
$escapetool.syntax(String content, Syntax syntaxId)
that would support any provided syntax that implements a proper
Renderer.
+1 for the idea, how do we get at the Syntax object in velocity?
Maybe: $escapetool.syntax(String content, String syntaxId) is more realistic.
$escapetool.xwiki2(String) could still be a shortcut
for the
same thing since as you said it should be as easy as possible to call
it.
My thinking exactly.
Caleb
Marius Dumitru Florea wrote:
On 06/13/2010 11:43 AM, Marius Dumitru Florea
wrote:
_______________________________________________
devs mailing list
devs(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/devs
On 06/12/2010 04:26 PM, Ivan Levashew wrote:
> Hello!
>
> Yet another problem I'm encountering is lack of
> proper escaping tools. I have noticed it when I
> decided to use [ and ] in page titles.
> «My Recent Modifications» became broken because
> XWiki parsed [ and ]. Currently I have added
> {pre} and {/pre} at both ends, but it is just a
> krunch. What is the proper way? I have checked
> $escapetool and $xwiki.get*Encoded APIs. There is
> no common API to escape [, ], =, {, etc.
You haven't checked
http://platform.xwiki.org/xwiki/bin/view/Main/XWikiSyntax#HEscapes ;)
This
doesn't fix your problem. What about
http://platform.xwiki.org/xwiki/bin/download/DevGuide/API/xwiki-core-2.3.1-…
?
Hope this helps,
Marius
> _______________________________________________
> users mailing list
> users(a)xwiki.org
> http://lists.xwiki.org/mailman/listinfo/users
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users