Escaping in templates - <#escape x as x?html> - windup-dev - Jboss List Archives

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

Escaping in templates - <#escape x as x?html>

Re: [windup-dev] quickstarts

JSP / JSP / Taglib Parsing & Rules

Ing. Ondřej Žižka

Tuesday, 15 September 2015 Tue, 15 Sep '15

11:44 p.m.

I think we should add <#escape x as x?html> to all templates - unless there's a reason not to. Is there? This directive makes all ${...}'s HTML-escaped. Regards, Ondra

Reply

Show replies by date

Ondrej Zizka

Wednesday, 16 September Wed, 16 Sep

6:38 p.m.

Some of the values contain HTML, like, for instance, the titles. We are inconsistent in certain places what should the value be. I suggest that we add that to the javadoc where appropriate, add the <#escape ...>, and add <#noescape> where needed. That's IMO better than adding ?html everywhere. Ondra On 16.9.2015 06:44, Ing. Ondřej Žižka wrote:

I think we should add <#escape x as x?html> to all templates - unless there's a reason not to. Is there? This directive makes all ${...}'s HTML-escaped. Regards, Ondra _______________________________________________ windup-dev mailing list windup-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/windup-dev

Reply

Rodney Russ

Thursday, 17 September Thu, 17 Sep

12:28 p.m.

I like the summary you provided in our stand-up, Ondrej. Do you have that documented somewhere to use for this discussion? On 16 Sep 2015, at 17:38, Ondrej Zizka wrote:

Some of the values contain HTML, like, for instance, the titles. We are inconsistent in certain places what should the value be. I suggest that we add that to the javadoc where appropriate, add the <#escape ...>, and add <#noescape> where needed. That's IMO better than adding ?html everywhere. Ondra On 16.9.2015 06:44, Ing. Ondřej Žižka wrote: > I think we should add <#escape x as x?html> to all templates - unless > there's a reason not to. Is there? > > This directive makes all ${...}'s HTML-escaped. > > Regards, > Ondra > _______________________________________________ > windup-dev mailing list > windup-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/windup-dev _______________________________________________ windup-dev mailing list windup-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/windup-dev

Reply

Jess Sightler

12:54 p.m.

I don't think the titles actually have HTML. As far as I know, the only present place that does is the hint body. On 09/16/2015 07:38 PM, Ondrej Zizka wrote:

Some of the values contain HTML, like, for instance, the titles. We are inconsistent in certain places what should the value be. I suggest that we add that to the javadoc where appropriate, add the <#escape ...>, and add <#noescape> where needed. That's IMO better than adding ?html everywhere. Ondra On 16.9.2015 06:44, Ing. Ondřej Žižka wrote: > I think we should add <#escape x as x?html> to all templates - unless > there's a reason not to. Is there? > > This directive makes all ${...}'s HTML-escaped. > > Regards, > Ondra > _______________________________________________ > windup-dev mailing list > windup-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/windup-dev _______________________________________________ windup-dev mailing list windup-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/windup-dev

Reply

3388

days inactive

3389

days old

windup-dev@lists.jboss.org

Manage subscription

3 comments

4 participants

tags (0)

participants (4)

Ing. Ondřej Žižka
Jess Sightler
Ondrej Zizka
Rodney Russ