commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Arend v. Reinersdorff (JIRA)" <>
Subject [jira] [Commented] (TEXT-74) StrSubstitutor: Ability to turn off substitution in values
Date Thu, 13 Jul 2017 19:51:00 GMT


Arend v. Reinersdorff commented on TEXT-74:

Hi [~cscherban],

I improved the description: It was not formatting properly in Jira and a bit misleading. I
hope it is clearer now.

It's not about inner or outer variables, but about replacing in the source or in the values.
The values might be untrusted user input.

> StrSubstitutor: Ability to turn off substitution in values
> ----------------------------------------------------------
>                 Key: TEXT-74
>                 URL:
>             Project: Commons Text
>          Issue Type: Improvement
>            Reporter: Arend v. Reinersdorff
>            Priority: Minor
>              Labels: features
>             Fix For: 1.x
> StrSubstitutor replaces variables in values. And currently there's no way to turn this
> Why turn it off: I want to replace some variables in a simple template. Some of the replacement
values are arbitrary user input.
> At the moment I escape all dollar signs in the replacement values with "$$". This is
annoying. Especially as I use one template with variables as a value for another variable.
Here I have to escape twice.
> Here's some example code. At the moment it prints:
> {code}
> Hello Hamburg from Hamburg
> {code}
> The commented line is my suggestion for this feature. If it works, it should print:
> {code}
> Hello ${city} from Hamburg
> {code}
> {code}
> // untrusted user input
> String userInputName = "${city}";
> String userInputCity = "Hamburg";
> Map<String, String> valueMap = new HashMap<>();
> valueMap.put("name", userInputName);
> valueMap.put("city", userInputCity);
> String source = "Hello ${name} from ${city}";
> StrSubstitutor strSubstitutor = new StrSubstitutor(valueMap);
> // strSubstitutor.setEnableSubstitutionInValues(false);
> System.out.println(strSubstitutor.replace(source));
> {code}

This message was sent by Atlassian JIRA

View raw message