velocity-commits mailing list archives

Subject svn commit: r1855185 [2/2] - in /velocity/site/cms/trunk/content/engine/2.1: configuration-property-changes-in-2.1.mdtext configuration.mdtext developer-guide.mdtext upgrading.mdtext user-guide.mdtext vtl-reference.mdtext webapps.mdtext
Date Mon, 11 Mar 2019 00:29:17 GMT
Modified: velocity/site/cms/trunk/content/engine/2.1/webapps.mdtext
--- velocity/site/cms/trunk/content/engine/2.1/webapps.mdtext (original)
+++ velocity/site/cms/trunk/content/engine/2.1/webapps.mdtext Mon Mar 11 00:29:17 2019
@@ -38,14 +38,14 @@ The simplest replacement for FileResourc
 If you are using the VelocityViewServlet, then it is automatically configured and ready to
use the WebappResourceLoader. So if you want to change the configured path(s), you need only
add a line like the following to your
-    webapp.resource.loader.path=/WEB-INF/mytemplates/
+    resource.loader.webapp.path=/WEB-INF/mytemplates/
 If you need to set the WebappResourceLoader up on your own, then you can make your properties
something like this:
-    resource.loader=webapp
-    webapp.resource.loader.path=/WEB-INF/mytemplates/
+    resource.loader = webapp
+    resource.loader.webapp.class =
+    resource.loader.webapp.path = /WEB-INF/mytemplates/
 You will **also need to put the ServletContext into your VelocityEngine's application attributes**
before initializing that Engine. This is how the WebappResourceLoader knows how to find templates.
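Review bot: the added line `resource.loader.webapp.class =` in the second snippet has nothing after the equals sign, so a reader who copies the block gets a loader entry with no class configured. Put the fully qualified class name of the WebappResourceLoader there. The lead sentence "add a line like the following to your" in the context lines also ends without naming the properties file, and the two snippets now differ in spacing around `=` (`resource.loader.webapp.path=/WEB-INF/mytemplates/` versus `resource.loader.webapp.path = /WEB-INF/mytemplates/`); pick one style.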
@@ -83,7 +83,7 @@ Any user-entered text that contains spec
 However, Velocity provides the ability to specify a `ReferenceInsertionEventHandler` which
will alter the value of a reference before it is inserted into the page. Specifically, you
can configure the `EscapeHtmlReference` handler into your `` file to escape
all references (optionally) matching a regular expression. The following example will escape
HTML entities in any reference that starts with "msg" (e.g. `$msgText`).
-    eventhandler.referenceinsertion.class =
+    eventhandler.reference_insertion.class =
     eventhandler.escape.html.match = /msg.*/
 Note that other kinds of escaping are sometimes required.  For example, in style sheets the
@ character needs to be escaped, and in Javascript strings the single apostrophe ' needs to
be escaped.
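Review bot: only the `.class` key is renamed here, while the unchanged context line `eventhandler.escape.html.match = /msg.*/` directly below keeps the old prefix. Check both names against configuration-property-changes-in-2.1.mdtext from this same commit so the example does not mix 2.1 and pre-2.1 key styles. As shown, `eventhandler.reference_insertion.class =` also has no value, so the example never names the `EscapeHtmlReference` handler that the paragraph says to configure, and the sentence above it has an empty code span where the file name should be.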
@@ -93,7 +93,7 @@ Note that other kinds of escaping are so
 Since a web application is running on a central server, that typically has multiple users
and confidential resources, care must be taken to make certain that the web application is
secure.  Most standard web security principles apply to a web application built with Velocity.
 A few specific issues (such as system configuration, more on cross-site scripting, and method
introspection) are written up in this article on [Building Secure Applications with Velocity](
In particular, you may want to prevent template designers from including "dangerous" reflection-related
methods by specifying the `SecureUberspector` to get/set properties and execute method calls.
-    runtime.introspector.uberspect = org.apache.velocity.util.introspection.SecureUberspector
+    runtime.introspector.uberspect.class = org.apache.velocity.util.introspection.SecureUberspector
 ### Logging
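Review bot: the rename to `runtime.introspector.uberspect.class` changes the key that turns on `SecureUberspector`, and the surrounding text gives no hint that the name differs from earlier releases. Add a sentence stating the previous key and whether it is still accepted: a deployment that keeps the old key would, if that key is ignored, run templates without the restriction on reflection-related methods that this paragraph recommends. The link `[Building Secure Applications with Velocity](` in the context lines also has no target.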
