velocity-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ahmed Mohombe <>
Subject Re: Best practice for escaping?
Date Thu, 27 Oct 2005 23:39:00 GMT
>>>personally, my recommendation would be to ditch the escaping rules for
>>>variables and go with the following:
>>>#set( $D = '$' )
>>>or you can add the new EscapeTool (in VelocityTools 1.2-rc1) to your
>>>context and do:
>>>escaping is really a pain if you aren't sure whether a variable will
>>>be there or not.  i haven't done it to generate another velocity
>>>template, but the thought is unpleasant. :)
>>Thank you very much for the fast reply.
>>Unfortunately if I 'obfuscate' the templates, the possibility for an error would
>>be even bigger.
> not sure how
> ${D}myVar
> is more of an obfuscation than
> #if( $myVar )\$myVar#else$myVar#end
Yes, you are right :), your example is convincing :).

>>It's seems to me much simpler at the moment to generate the velocity templates
>>with another template engine that has a totally different syntax, so that it won't
>>interfere with the velocity variables, defined or not or have the same name
>>in the source template with the destination template. Not to mention the escaped directive
>>that behave again different from at variable pespective.
> there's precious few directives.  it should be simple to escape those
> properly.  but still, you're right that it will probably be visually
> easier to use a different template engine.
Yes, this was my first thought, but this (with another template language) works only if
one makes only once the transformation :). To use a third language just because it might
be another level of transformation is not very practical :)(one might simply not find a
third one that is 'orthogonal' on the first two :). ).

>>I wonder why there isn't a more elegant solution for such situations :(.
> actually... there may be.  i forgot about the #literal() directive in
> my previous response.  it's a block directive used to prevent
> interpolation of its contents.  
This sounds very interesting. I found however no mention in the 1.4 documentation
about it.

>>Maybe it has nothing to do with the syntax, but the Velocity syntax is very easy and
clean in a
>>direct form.
>>IMHO the escaped syntax should be as easy, and comprehensible, so that one understands
from a simple
>>sight what's up there. 
> well, it can be pretty simple.  if the variable is present, use
> \$variable  and if it's not, just use $variable.  but if you can't
> ensure the presence or absence of a variable, then it's a bit more
> difficult.
Well in most of the cases, I can't ensure the status of a variable, since
this may vary, depending on the many factors. Besides, some of the templates
must be edited by 'simpler users' - that have a little knowledge of HTML but not more.
The plain Velocity syntax looks for them however pretty simple :), but the escaping rules
look under some circumstances complicated even for programmers :).

>>Unfortunately I found no tool that handles the escaped template gracefully :(, so
that at least with
>>syntax highlight to make it evident.
> yeah, i don't think i've ever seen syntax highlighting for Velocity
> that was advanced enough to handle this well.
This is also pretty strange, considering how many projects use Velocity, and how much time(and

errors) could save a plug-in that would be a little more 'intelligent' than just simple editor

I suppose for the moment, I'll stick with another 'orthogonal' template language, to avoid
and later I'll try to find a

Thank you very much for your help!.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message