velocity-commits mailing list archives

From cbris...@apache.org
Subject svn commit: r1855144 - in /velocity/engine/trunk/velocity-engine-core/src/main/java/org/apache/velocity/app/event/implement: EscapeHtmlReference.java EscapeJavaScriptReference.java EscapeXmlReference.java
Date Sun, 10 Mar 2019 11:54:57 GMT
Author: cbrisson
Date: Sun Mar 10 11:54:57 2019
New Revision: 1855144

URL: http://svn.apache.org/viewvc?rev=1855144&view=rev
Log:
[engine] Deprecate HTML, XML and Javascript EscapeReference event handlers

Modified:
    velocity/engine/trunk/velocity-engine-core/src/main/java/org/apache/velocity/app/event/implement/EscapeHtmlReference.java
    velocity/engine/trunk/velocity-engine-core/src/main/java/org/apache/velocity/app/event/implement/EscapeJavaScriptReference.java
    velocity/engine/trunk/velocity-engine-core/src/main/java/org/apache/velocity/app/event/implement/EscapeXmlReference.java

Modified: velocity/engine/trunk/velocity-engine-core/src/main/java/org/apache/velocity/app/event/implement/EscapeHtmlReference.java
URL: http://svn.apache.org/viewvc/velocity/engine/trunk/velocity-engine-core/src/main/java/org/apache/velocity/app/event/implement/EscapeHtmlReference.java?rev=1855144&r1=1855143&r2=1855144&view=diff
==============================================================================
--- velocity/engine/trunk/velocity-engine-core/src/main/java/org/apache/velocity/app/event/implement/EscapeHtmlReference.java
(original)
+++ velocity/engine/trunk/velocity-engine-core/src/main/java/org/apache/velocity/app/event/implement/EscapeHtmlReference.java
Sun Mar 10 11:54:57 2019
@@ -22,12 +22,15 @@ import org.apache.commons.lang3.StringEs
  */
 
 /**
- * Escape all HTML entities.
+ * <p>Escape all HTML entities.</p>
+ * <p>Warning: escaping references this way, without knowing if they land inside plain
text, inside an attribute value or elsewhere, is not usable in production.</p>
  *
  * @see <a href="http://commons.apache.org/proper/commons-lang/javadocs/api-release/org/apache/commons/lang3/StringEscapeUtils.html#escapeHtml4%28java.lang.String%29">StringEscapeUtils</a>
  * @author wglass
  * @since 1.5
+ * @deprecated impractical use
  */
+@Deprecated
 public class EscapeHtmlReference extends EscapeReference
 {
 
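Review bot: The new `@deprecated impractical use` tag on EscapeHtmlReference does not tell a reader what to do instead, and the same wording is repeated on EscapeJavaScriptReference and EscapeXmlReference. The warning paragraph gives the real reason, that a handler applied to every reference cannot know the output context, so the deprecation text should carry it and name the alternative, for example `@deprecated escaping every reference without knowing its output context is unreliable; escape each value explicitly in the template for the context it lands in`. "Not usable in production" would also be more precise as a statement that HTML entity escaping alone does not make a value safe in unquoted attributes, URLs or script blocks. The class body continues outside the hunk.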

Modified: velocity/engine/trunk/velocity-engine-core/src/main/java/org/apache/velocity/app/event/implement/EscapeJavaScriptReference.java
URL: http://svn.apache.org/viewvc/velocity/engine/trunk/velocity-engine-core/src/main/java/org/apache/velocity/app/event/implement/EscapeJavaScriptReference.java?rev=1855144&r1=1855143&r2=1855144&view=diff
==============================================================================
--- velocity/engine/trunk/velocity-engine-core/src/main/java/org/apache/velocity/app/event/implement/EscapeJavaScriptReference.java
(original)
+++ velocity/engine/trunk/velocity-engine-core/src/main/java/org/apache/velocity/app/event/implement/EscapeJavaScriptReference.java
Sun Mar 10 11:54:57 2019
@@ -22,12 +22,15 @@ import org.apache.commons.lang3.StringEs
  */
 
 /**
- * Escapes the characters in a String to be suitable for use in JavaScript.
+ * <p>Escapes the characters in a String to be suitable for use in JavaScript.</p>
+ * <p>Warning: escaping references this way, without knowing if they land inside or
outside Javascript simple-quoted or double-quoted strings, is not usable in production.</p>
  *
  * @see <a href="http://commons.apache.org/proper/commons-lang/javadocs/api-release/org/apache/commons/lang3/StringEscapeUtils.html#escapeEcmaScript%28java.lang.String%29">StringEscapeUtils</a>
  * @author wglass
  * @since 1.5
+ * @deprecated impractical use
  */
+@Deprecated
 public class EscapeJavaScriptReference extends EscapeReference
 {
 
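Review bot: In the added warning, "Javascript simple-quoted" reads as a literal translation; the usual terms are "JavaScript" and "single-quoted". The sentence could also state the consequence directly, since the escaped output is only meaningful inside a quoted string literal and a value that lands outside one passes through without being neutralised: `<p>Warning: the result is only safe inside a single-quoted or double-quoted JavaScript string literal; this handler cannot know where a reference lands, so it is not usable in production.</p>`.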

Modified: velocity/engine/trunk/velocity-engine-core/src/main/java/org/apache/velocity/app/event/implement/EscapeXmlReference.java
URL: http://svn.apache.org/viewvc/velocity/engine/trunk/velocity-engine-core/src/main/java/org/apache/velocity/app/event/implement/EscapeXmlReference.java?rev=1855144&r1=1855143&r2=1855144&view=diff
==============================================================================
--- velocity/engine/trunk/velocity-engine-core/src/main/java/org/apache/velocity/app/event/implement/EscapeXmlReference.java
(original)
+++ velocity/engine/trunk/velocity-engine-core/src/main/java/org/apache/velocity/app/event/implement/EscapeXmlReference.java
Sun Mar 10 11:54:57 2019
@@ -22,10 +22,13 @@ import org.apache.commons.lang3.StringEs
  */
 
 /**
- * Escape all XML entities, suitable for placing the output inside an XML (1.0) text node
or attribute value.
+ * <p>Escape all XML entities, suitable for placing the output inside an XML (1.0)
text node or attribute value.</p>
+ * <p>Warning: escaping references this way, without knowing if they land inside plain
text, inside an attribute value or elsewhere, is not usable in production.</p>
+ *
  * @see <a href="http://jakarta.apache.org/commons/lang/api/org/apache/commons/lang/StringEscapeUtils.html#escapeSql(java.lang.String)">StringEscapeUtils</a>
  * @author wglass
  * @since 1.5
+ * @deprecated impractical use
  */
 public class EscapeXmlReference extends EscapeReference
 {
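Review bot: EscapeXmlReference gets the `@deprecated` Javadoc tag but not the `@Deprecated` annotation that the other two classes in this commit receive before their `public class` line. Without the annotation the deprecation is not visible through reflection, and javac's `-Xlint:dep-ann` check reports the mismatch; add `@Deprecated` on the line above `public class EscapeXmlReference extends EscapeReference`. The unchanged `@see` link in this Javadoc also targets `escapeSql` in the old Commons Lang API rather than an XML escaping method, which looks stale and is worth correcting while the comment is being edited. The class body continues outside the hunk.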


