Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: Trunk
    • Fix Version/s: 16.11.01
    • Component/s: framework
    • Labels:
      None

      Activity

      Hide
      deepak.dixit Deepak Dixit added a comment -

      This has been done at r1742685 and 1742686

      Show
      deepak.dixit Deepak Dixit added a comment - This has been done at r1742685 and 1742686
      Hide
      fbr@14x.net Forrest Rae added a comment -

      This new version of FreeMarker includes auto-escaping and output formats. The <#escape> directive has been deprecated. Notice the comment at the very end of this page:

      "FreeMarker automatically escapes all values printed ... if it's properly configured (that's the responsibility of the programmers; see here how)."

      Would be good to turn autoescaping on, and set the configuration to match .ftl as HTML and .fo.ftl as XML.

      Thoughts?

      Show
      fbr@14x.net Forrest Rae added a comment - This new version of FreeMarker includes auto-escaping and output formats . The <#escape> directive has been deprecated. Notice the comment at the very end of this page: "FreeMarker automatically escapes all values printed ... if it's properly configured (that's the responsibility of the programmers; see here how )." Would be good to turn autoescaping on, and set the configuration to match .ftl as HTML and .fo.ftl as XML. Thoughts?
      Hide
      pfm.smits Pierre Smits added a comment -

      If we are going down that path I guess we have to visit a lot of Freemarker template files, right?

      Show
      pfm.smits Pierre Smits added a comment - If we are going down that path I guess we have to visit a lot of Freemarker template files, right?
      Hide
      jacques.le.roux Jacques Le Roux added a comment -

      We don' t use any <#escape> directives in all OFBiz. We have a couple of <#noescape> which should be replaced by <#noautoesc>. So I agree we could set the Freemarker environement to auto-escaping, and test if it has not unexpected side-effects.

      Show
      jacques.le.roux Jacques Le Roux added a comment - We don' t use any <#escape> directives in all OFBiz. We have a couple of <#noescape> which should be replaced by <#noautoesc>. So I agree we could set the Freemarker environement to auto-escaping, and test if it has not unexpected side-effects.
      Hide
      jacques.le.roux Jacques Le Roux added a comment -

      Could be that this will fix or complicate the issue I crossed (at bottom) of OFBIZ-7041 and more recently at OFBIZ-7343, let's see...

      Show
      jacques.le.roux Jacques Le Roux added a comment - Could be that this will fix or complicate the issue I crossed (at bottom) of OFBIZ-7041 and more recently at OFBIZ-7343 , let's see...
      Hide
      jacques.le.roux Jacques Le Roux added a comment -

      I created OFBIZ-7675 for that

      Show
      jacques.le.roux Jacques Le Roux added a comment - I created OFBIZ-7675 for that

        People

        • Assignee:
          deepak.dixit Deepak Dixit
          Reporter:
          deepak.dixit Deepak Dixit
        • Votes:
          0 Vote for this issue
          Watchers:
          3 Start watching this issue

          Dates

          • Created:
            Updated:
            Resolved:

            Development