  1. Hippo CMS
  2. CMS-13003

Follow Freemarker best practices regarding file extensions, output formats, and auto-escaping

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Normal
    • Resolution: Won't Do
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: archetype
    • Labels:
      None
      Description

      Per HSTTWO-3422 we upgraded to Freemarker 2.3.24, one of the reasons being a new feature: auto-escaping.

      Further investigation revealed that some more work is needed, see:

      http://freemarker.org/docs/dgui_misc_autoescaping.html
      http://freemarker.org/docs/pgui_config_outputformatsautoesc.html

      FreeMarker automatically escapes all values printed with ${...} if it's properly configured (that's the responsibility of the programmers; see here how). The recommended practice is using ftlh file extension to activate HTML auto-escaping, and ftlx file extension to activate XML auto-escaping.

      In an 11.1 archetype project, I had to make the following changes to get this working:

      Add *.ftlh to the web files includedFiles configuration.

      Add a *.ftlh url-pattern for the freemarker servlet-mapping in the site web.xml:

        <servlet-mapping>
          <servlet-name>freemarker</servlet-name>
          <url-pattern>*.ftl</url-pattern>
          <url-pattern>*.ftlh</url-pattern>
        </servlet-mapping> 
      

      Add to the FreemarkerServlet in site web.xml:

          <init-param>
            <param-name>incompatible_improvements</param-name>
            <param-value>2.3.24</param-value>
          </init-param>
      

      Furthermore, any default Freemarker template would have to be changed to *.ftlh extension, and content output now using ${foo?html} changed to ${foo}. I created ESSENTIALS-1054 for that.
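
      An added example, not part of the original issue or of Hippo's code: a stand-alone FreeMarker program showing how the file extension decides whether ${foo} is escaped once incompatible improvements are set to 2.3.24. The template names and the model value are constructed for illustration, and an in-memory template loader stands in for the site's web files.

```java
import freemarker.cache.StringTemplateLoader;
import freemarker.template.Configuration;
import freemarker.template.Template;

import java.io.StringWriter;
import java.util.Collections;
import java.util.Map;

public class AutoEscapeByExtension {

    // Renders one template and reports which output format FreeMarker chose for it.
    static String render(Configuration cfg, String name, Map<String, Object> model)
            throws Exception {
        Template template = cfg.getTemplate(name);
        StringWriter out = new StringWriter();
        template.process(model, out);
        return name + " [" + template.getOutputFormat().getName() + "] " + out;
    }

    public static void main(String[] args) throws Exception {
        // Same setting the issue adds as the incompatible_improvements init-param.
        Configuration cfg = new Configuration(Configuration.VERSION_2_3_24);

        // Constructed templates (names are hypothetical), held in memory.
        StringTemplateLoader loader = new StringTemplateLoader();
        loader.putTemplate("old-unescaped.ftl", "<p>${foo}</p>");
        loader.putTemplate("old-manual.ftl", "<p>${foo?html}</p>");
        loader.putTemplate("new-auto.ftlh", "<p>${foo}</p>");
        cfg.setTemplateLoader(loader);

        // Constructed content value containing markup characters.
        Map<String, Object> model =
                Collections.<String, Object>singletonMap("foo", "<b>Tom & Jerry</b>");

        // .ftl keeps the undefined output format: ${foo} is written as-is,
        // so escaping depends on every interpolation carrying ?html.
        System.out.println(render(cfg, "old-unescaped.ftl", model));
        System.out.println(render(cfg, "old-manual.ftl", model));
        // .ftlh selects the HTML output format: plain ${foo} is escaped.
        System.out.println(render(cfg, "new-auto.ftlh", model));
    }
}
```

      Run it with the FreeMarker 2.3.24 (or later) jar on the classpath and compare the three printed lines.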

              People

              • Assignee: Unassigned
              • Reporter: nvankampenhout Niels van Kampenhout
              • Votes: 2
              • Watchers: 6
