24 Nov
2010
24 Nov
'10
2:45 p.m.
+1 Thanks, Marius On 11/24/2010 03:19 PM, Thomas Mortagne wrote:
Hi devs,
$xwiki.parseMessage is used to parse velocity located in a translation message.
Thing it for me it's very bad (bad design and very bad for performances and most of all for security) to have velocity in translation messages which makes $xwiki.parseMessage useless and some other would say a security hole (see http://jira.xwiki.org/jira/browse/XWIKI-5684).
So I propose to deprecate it in 2.7 to make sure we don't use that anymore.
WDYT ?