Description
StrSubstitutor replaces variables in values. And currently there's no way to turn this off.
Why turn it off: I want to replace some variables in a simple template. Some of the replacement values are arbitrary user input.
At the moment I escape all dollar signs in the replacement values with "$$". This is annoying, especially as I use one template with variables as a value for another variable. Here I have to escape twice.
Here's some example code. At the moment it prints:
Hello Hamburg from Hamburg
The commented line is my suggestion for this feature. If it works, it should print:
Hello ${city} from Hamburg
    // untrusted user input
    String userInputName = "${city}";
    String userInputCity = "Hamburg";

    Map<String, String> valueMap = new HashMap<>();
    valueMap.put("name", userInputName);
    valueMap.put("city", userInputCity);

    String source = "Hello ${name} from ${city}";
    StrSubstitutor strSubstitutor = new StrSubstitutor(valueMap);
    // strSubstitutor.setEnableSubstitutionInValues(false);
    System.out.println(strSubstitutor.replace(source));
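
Added example, not part of the original report and not Commons Lang code: a self-contained single-pass substitutor that shows the requested behavior, where each value is inserted verbatim and never rescanned for variables. The class `SinglePassTemplate`, its `render` method, the `$${` escape handling and the sample inputs are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Hypothetical helper: single-pass ${name} substitution that never
// re-parses replacement values, so user input cannot pull in other variables.
public class SinglePassTemplate {

    // Assumed syntax: "$${" is an escaped literal "${"; "${name}" is a variable.
    private static final Pattern TOKEN =
            Pattern.compile("\\$\\$\\{|\\$\\{([^}]*)\\}");

    static String render(String template, Map<String, String> values) {
        Matcher m = TOKEN.matcher(template);
        StringBuffer out = new StringBuffer();
        while (m.find()) {
            String name = m.group(1);            // null when the escape matched
            String value = (name == null) ? null : values.get(name);
            String replacement;
            if (name == null) {
                replacement = "${";              // escape sequence in the template
            } else if (value != null) {
                replacement = value;             // inserted verbatim, not re-parsed
            } else {
                replacement = m.group();         // unknown variable stays as written
            }
            // quoteReplacement stops appendReplacement from treating '$' or '\'
            // in user-supplied values as regex group references.
            m.appendReplacement(out, Matcher.quoteReplacement(replacement));
        }
        m.appendTail(out);
        return out.toString();
    }

    public static void main(String[] args) {
        Map<String, String> valueMap = new HashMap<>();
        valueMap.put("name", "${city}");         // constructed untrusted input
        valueMap.put("city", "Hamburg");
        System.out.println(render("Hello ${name} from ${city}", valueMap));
    }
}
```

The matcher resumes after each match in the original template, so text that arrives through a value is never scanned for `${...}`.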