  1. Hippo Archetype
  2. ARCHE-523

Follow Freemarker best practices regarding file extensions, output formats, and auto-escaping

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Labels:
      None
      Description

      Per HSTTWO-3422 we upgraded to Freemarker 2.3.24, one of the reasons being a new feature: auto-escaping.

      Further investigation revealed that some more work is needed, see:

      http://freemarker.org/docs/dgui_misc_autoescaping.html
      http://freemarker.org/docs/pgui_config_outputformatsautoesc.html

      FreeMarker automatically escapes all values printed with ${...} if it's properly configured (that's the responsibility of the programmers; see here how). The recommended practice is using ftlh file extension to activate HTML auto-escaping, and ftlx file extension to activate XML auto-escaping.

      In an 11.1 archetype project, I had to make the following changes to get this working:

      Add *.ftlh to the web files includedFiles configuration.

      Add a *.ftlh url-pattern for the freemarker servlet-mapping in the site web.xml:

        <servlet-mapping>
          <servlet-name>freemarker</servlet-name>
          <url-pattern>*.ftl</url-pattern>
          <url-pattern>*.ftlh</url-pattern>
        </servlet-mapping> 
      

      Add to the FreemarkerServlet in site web.xml:

          <init-param>
            <param-name>incompatible_improvements</param-name>
            <param-value>2.3.24</param-value>
          </init-param>
      

      Furthermore, any default Freemarker template would have to be changed to *.ftlh extension, and content output now using ${foo?html} changed to ${foo}. I created ESSENTIALS-1054 for that.
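
A migration check for the steps listed in this ticket, as an added example that is not part of the original issue or the Hippo code base: it flags `.ftl` templates still to be renamed, leftover `?html` in `.ftlh` templates, and a `web.xml` that lacks the `*.ftlh` mapping or the `incompatible_improvements` setting. The function names and sample inputs are constructed for illustration, and the template scan is a regex heuristic.

```python
import re
import xml.etree.ElementTree as ET

INTERP = re.compile(r"\$\{([^}]*)\}")    # ${...} interpolations (heuristic, no nested braces)
LEGACY = re.compile(r"\?\s*html\b")      # manual ?html escaping

def audit_templates(templates):
    """templates maps path -> source; returns sorted (path, finding) tuples."""
    out = []
    for path, src in templates.items():
        exprs = INTERP.findall(src)
        if path.endswith(".ftlh"):
            # auto-escaped by extension: leftover ?html is what the ticket removes
            out += [(path, "drop ?html in ${%s}" % e) for e in exprs if LEGACY.search(e)]
        elif path.endswith(".ftl"):
            out.append((path, "rename to .ftlh"))
            # review only: an enclosing <#escape> block is not taken into account
            out += [(path, "review unescaped ${%s}" % e) for e in exprs if not LEGACY.search(e)]
    return sorted(out)

def audit_web_xml(xml_text, servlet="freemarker"):
    """Check the two web.xml changes from the ticket for the named servlet."""
    root = ET.fromstring(xml_text)
    for el in root.iter():               # ignore the Java EE namespace, if declared
        el.tag = el.tag.rsplit("}", 1)[-1]
    def owned(tag):
        return [e for e in root.iter(tag) if (e.findtext("servlet-name") or "").strip() == servlet]
    patterns = {(p.text or "").strip() for m in owned("servlet-mapping") for p in m.iter("url-pattern")}
    params = {(p.findtext("param-name") or "").strip(): (p.findtext("param-value") or "").strip()
              for s in owned("servlet") for p in s.iter("init-param")}
    out = []
    if "*.ftlh" not in patterns:
        out.append("no *.ftlh url-pattern")
    version = params.get("incompatible_improvements", "")
    if not re.fullmatch(r"\d+(\.\d+)*", version) or tuple(map(int, version.split("."))) < (2, 3, 24):
        out.append("incompatible_improvements below 2.3.24 or unset")
    return out

# Constructed sample input, not taken from a real project.
SAMPLE_TEMPLATES = {
    "site/main.ftl": "<h1>${document.title?html}</h1><p>${query}</p>",
    "site/list.ftlh": "<li>${item.name?html}</li><li>${item.summary}</li>",
}
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <servlet><servlet-name>freemarker</servlet-name></servlet>
  <servlet-mapping><servlet-name>freemarker</servlet-name><url-pattern>*.ftl</url-pattern></servlet-mapping>
</web-app>"""
if __name__ == "__main__":
    print(*audit_templates(SAMPLE_TEMPLATES), *audit_web_xml(SAMPLE_WEB_XML), sep="\n")
```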

              People

              • Assignee:
                Unassigned
                Reporter:
                nvankampenhout Niels van Kampenhout