Details
-
Improvement
-
Status: Closed
-
Normal
-
Resolution: Won't Do
-
None
-
None
-
None
Description
Per HSTTWO-3422 we upgraded to Freemarker 2.3.24, one of the reasons being a new feature: auto-escaping.
Further investigation revealed that some more work is needed, see:
http://freemarker.org/docs/dgui_misc_autoescaping.html
http://freemarker.org/docs/pgui_config_outputformatsautoesc.html
FreeMarker automatically escapes all values printed with ${...} if it's properly configured (that's the responsibility of the programmers; see here how). The recommended practice is using ftlh file extension to activate HTML auto-escaping, and ftlx file extension to activate XML auto-escaping.
In an 11.1 archetype project, I had to make the following changes to get this working:
Add *.ftlh to the web files includedFiles configuration.
Add a *.ftlh url-pattern for the freemarker servlet-mapping in the site web.xml:
<servlet-mapping>
<servlet-name>freemarker</servlet-name>
<url-pattern>*.ftl</url-pattern>
<url-pattern>*.ftlh</url-pattern>
</servlet-mapping>
Add to the FreemarkerServlet in site web.xml:
<init-param>
<param-name>incompatible_improvements</param-name>
<param-value>2.3.24</param-value>
</init-param>
Furthermore, any default Freemarker template would have to be changed to *.ftlh extension, and content output now using ${foo?html} changed to ${foo}. I created ESSENTIALS-1054 for that.
Attachments
Issue Links
- is awaited by
-
-
- Closed
-
- relates to
-
-
- Closed
-
-
-
- Closed
-
- waits for
-
-
- Closed
-