13 Jun
2010
13 Jun
'10
3:59 p.m.
Vincent Massol wrote:
On Jun 13, 2010, at 11:51 AM, Caleb James DeLisle
wrote:
$services.rendering.escape(text, syntax)
I agree with the idea of generic but too much typing and nobody will ever use it, opting
to be insecure instead.
Also I'm -.5 to the idea if it means separating it from the other functions of
escapetool.
Right now $escapetool is included via velocity
configuration.
I don't see any reason why we couldn't change to a VelocityContextInitializer
which adds an extension of escapetool which has:
$escapetool.xwiki1(String)
$escapetool.xwiki2(String)
I'm not sure it has to do with escapetool (at least for xwiki/2.0 and other new
rendering syntaxes). I think it has more to do with the rendering module since it's
the rendering module which defines the escaping rules (for xwiki/2.0 and other syntaxes,
except for syntax 1.0 which is in the old rendering). In addition it would need to be
generic, something like
BTW I haven't followed this thread but what are the needs? It sounds a bit strange to
have to output wiki syntax through velocity.
People want user supplied content to be spliced into a page without effecting the wiki
output.
We use escapetool to escape XML and URLs. this would just add more features to it.
Another need is to make escapetool.xml escape { so that user content cannot jailbreak an
html macro.
Thanks
-Vincent
Although it would be cleaner I'm resistant
to:
$escapetool.xwiki.syntax20(String)
or the like because vulnerability is easier than security so we should
make security as easy (to type) as possible.
I'm not sure when I'll have time to do this but I don't think it'd take
more
than a few hours.
WDYT?
Caleb
Marius Dumitru Florea wrote:
_______________________________________________
devs mailing list
devs(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/devs
On 06/13/2010 11:43 AM, Marius Dumitru Florea
wrote:
_______________________________________________
devs mailing list
devs(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/devs On 06/12/2010 04:26 PM, Ivan Levashew wrote:
> Hello!
>
> Yet another problem I'm encountering is lack of
> proper escaping tools. I have noticed it when I
> decided to use [ and ] in page titles.
> «My Recent Modifications» became broken because
> XWiki parsed [ and ]. Currently I have added
> {pre} and {/pre} at both ends, but it is just a
> krunch. What is the proper way? I have checked
> $escapetool and $xwiki.get*Encoded APIs. There is
> no common API to escape [, ], =, {, etc.
You haven't checked
http://platform.xwiki.org/xwiki/bin/view/Main/XWikiSyntax#HEscapes ;)
This
doesn't fix your problem. What about
http://platform.xwiki.org/xwiki/bin/download/DevGuide/API/xwiki-core-2.3.1-…
?
Hope this helps,
Marius
> _______________________________________________
> users mailing list
> users(a)xwiki.org
> http://lists.xwiki.org/mailman/listinfo/users
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users