Several doubtful points on the manual

Albert Kam
I have several points to ask based on the manual, please share your views :

(1) http://freemarker.sourceforge.net/docs/dgui_datamodel_types.html
> The main reason is that the result of functions are subject to automatic XML-escaping (due to the nature of ${...}), 
Is it true that the function return value and the result of interpolation are automatically escaped ?
I tried this :
<#assign myvar="hello&world">

<#function hello>
<#return "<inside&function">
</#function>

${myvar}
${hello()}

with this result :
hello&world
<inside&function

> while the output of user-defined directives are not (due to the nature of <@...>; its output is assumed to be markup, and hence already escaped).
Is it true that user defined directives are automatically escaped also ? But I think not, since we have the ?html and #escape for this, am I right ?

> also you can use complex expression on the left side of = (e.g. someParam=(price + 50)*1.25)
Should be on the --right-- side instead of the --left-- side ?

> Guide for inserting date/time values
> If the expression evaluates to a date then the numerical value will be transformed to a text according to a default format.
Should be the --date-- value instead of --numerical-- value ?

> It is useful for templates that contain macro definitions only (and some other non-outputting directives), because it removes the line-breaks that you use between the macro definitions and between the other top-level directives to improve the readability of the template
How is it improving the readability of the 'library' template when what the developer sees is always the unparsed version ?

Regards from Jakarta,
Albert
--
Do not pursue the past. Do not lose yourself in the future.
The past no longer is. The future has not yet come.
Looking deeply at life as it is in the very here and now,
the practitioner dwells in stability and freedom.
(Thich Nhat Hanh)

------------------------------------------------------------------------------
Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester  
Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the  
endpoint security space. For insight on selecting the right partner to
tackle endpoint security challenges, access the full report.
http://p.sf.net/sfu/symantec-dev2dev
_______________________________________________
FreeMarker-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/freemarker-user

Re: Several doubtful points on the manual

Denis Bredelet

On 9 Mar 2013, at 13:17, Albert Kam <[hidden email]> wrote:

I have several points to ask based on the manual, please share your views :

(1) http://freemarker.sourceforge.net/docs/dgui_datamodel_types.html
> The main reason is that the result of functions are subject to automatic XML-escaping (due to the nature of ${...}), 
Is it true that the function return value and the result of interpolation are automatically escaped ?

It is subject to escaping *if* you use #escape. Not so for macro calls. 

I tried this :
<#assign myvar="hello&world">

<#function hello>
<#return "<inside&function">
</#function>

${myvar}
${hello()}

with this result :
hello&world
<inside&function

> while the output of user-defined directives are not (due to the nature of <@...>; its output is assumed to be markup, and hence already escaped).
Is it true that user defined directives are automatically escaped also ? But i think not, since we have the ?html and #escape for this, am i right ?

> also you can use complex expression on the left side of = (e.g. someParam=(price + 50)*1.25)
Should be on the --right-- side instead of the --left-- side ?

Yes. 


> Guide for inserting date/time values
> If the expression evaluates to a date then the numerical value will be transformed to a text according to a default format.
Should be the --date-- value instead of --numerical-- value ?

Technically dates are usually time stamps since the epoch, but I agree with you. 


> It is useful for templates that contain macro definitions only (and some other non-outputting directives), because it removes the line-breaks that you use between the macro definitions and between the other top-level directives to improve the readability of the template
How is it improving the readability of the 'library' template when what the developer see is always the unparsed version ?

Exactly, this allows you to add newlines in the template without breaking the layout. Hence it improves readability. 


Regards from Jakarta,
Albert

Re: Several doubtful points on the manual

Albert Kam
Hello, thank you for the response ..

> It is subject to escaping *if* you use #escape. 
Did you mean the function's result ? That's why I was doubtful, because it says in the manual 'subject to --automatic-- xml escaping'.

> Not so for macro calls.
Did you mean macro calls will result in escaped content automatically ?

> Exactly, this allows you to add newlines in the template without breaking the layout. Hence it improves readability. 
Ah, makes sense ! But in the context of a 'library' template with only macros, I imagine we can also add newlines without strip_text, and not break anything, because what is important is the macros, not the newlines or any other text outside the macros, am I correct ?



Re: Several doubtful points on the manual

Daniel Dekany
In reply to this post by Albert Kam
Saturday, March 9, 2013, 2:17:55 PM, Albert Kam wrote:

> I have several points to ask based on the manual, please share your views :
>
> (1) http://freemarker.sourceforge.net/docs/dgui_datamodel_types.html
>> The main reason is that the result of functions are subject to automatic XML-escaping (due to the nature of ${...}),
> Is it true that the function return value and the result of
> interpolation are automatically escaped ?
> I tried this :
> <#assign myvar="hello&world">
>
> <#function hello>
> <#return "<inside&function">
> </#function>
>
> ${myvar}
> ${hello()}
>
> with this result :
> hello&world
> <inside&function

The output of `${...}` is escaped only if it's inside a #escape call.
Later maybe it will change so that escaping can be on by default,
without any #escape calls, and actually some users already do that
through a TemplateLoader hack. Anyway, the point is, if you want to
output markup, try not to use `${...}`, and hence functions, because
they aren't meant to be used for that. To generate markup use a macro
or directive.

>> while the output of user-defined directives are not (due to the nature of <@...>; its output is assumed to be markup, and hence already escaped).
> Is it true that user defined directives are automatically escaped
> also ? But i think not, since we have the ?html and #escape for this, am i right ?

The output of directives is never escaped, because they're meant to
output something that's already markup. That it's already markup also means
that if the directive (the macro) has contained `${...}`, it had to
ensure that those were properly escaped.

> (2) http://freemarker.org/docs/dgui_misc_userdefdir.html
>> also you can use complex expression on the left side of = (e.g. someParam=(price + 50)*1.25)
> Should be on the --right-- side instead of the --left-- side ?

Oops... right. Will fix it.

> (3) http://freemarker.org/docs/dgui_template_valueinsertion.html 
>> Guide for inserting date/time values
>> If the expression evaluates to a date then the numerical value will be transformed to a text according to a default format.
> Should be the --date-- value instead of --numerical-- value ?

Sure. Also will be fixed.

> (4) http://freemarker.sourceforge.net/docs/dgui_misc_whitespace.html
>> It is useful for templates that contain macro definitions only (and some other non-outputting directives), because it removes the line-breaks that you use between the macro definitions and between the other top-level directives to improve the readability of the template
> How is it improving the readability of the 'library' template when
> what the developer see is always the unparsed version ?

That you can add empty lines helps readability. If those empty lines were
included in the output, the library author would omit them, making the
library less readable.

> Regards from Jakarta,
> Albert

--
Best regards,
 Daniel Dekany



Re: Several doubtful points on the manual

Daniel Dekany
In reply to this post by Albert Kam
Saturday, March 9, 2013, 4:55:07 PM, Albert Kam wrote:

> Hello, thank you for the response ..
>
>> It is subject to escaping *if* you use #escape.
> Did you mean the function's result ? That's why i was doubtful,
> because it says in the manual 'subject to --automatic-- xml escaping.

The only thing that might apply auto-escaping is `${...}`, but to
insert the values of functions till 2.3.30 you can only use `${...}`.

>> Not so for macro calls.
> Did you mean macro calls will result in escaped content automatically ?

It's assumed to be *already* escaped on the caller side.

>> Exactly, this allows you to add newlines in the template without breaking the layout. Hence it improves readability.
> Ah, makes sense ! But in the context of 'library' template with
> only macros only, i imagine we can add newlines also without
> strip_text, and not breaking anything, because the what is important
> is the macros, not the newlines or any other texts outside the macros, am i correct ?

Correct, except that the legacy way of pulling in a library is with
#include, which can print to the output of the template that uses it.

--
Best regards,
 Daniel Dekany



Re: Several doubtful points on the manual

Daniel Dekany
Sunday, March 10, 2013, 1:15:13 PM, Daniel Dekany wrote:

> Saturday, March 9, 2013, 4:55:07 PM, Albert Kam wrote:
>
>> Hello, thank you for the response ..
>>
>>> It is subject to escaping *if* you use #escape.
>> Did you mean the function's result ? That's why i was doubtful,
>> because it says in the manual 'subject to --automatic-- xml escaping.
>
> The only thing that might applies auto-escaping is `${...}`, but to
> insert the values of functions till 2.3.30

I meant 2.3.20. Here's the relevant quote from earlier mailing, which
also clarifies what's the difference between #functions and
#macros/directives:

  http://thread.gmane.org/gmane.comp.web.freemarker.devel/7950

> you can only use `${...}`.
>
>>> Not so for macro calls.
>> Did you mean macro calls will result in escaped content automatically ?
>
> It's assumed to be *already* escaped on the caller side.
>
>>> Exactly, this allows you to add newlines in the template without breaking the layout. Hence it improves readability.
>> Ah, makes sense ! But in the context of 'library' template with
>> only macros only, i imagine we can add newlines also without
>> strip_text, and not breaking anything, because the what is important
>> is the macros, not the newlines or any other texts outside the macros, am i correct ?
>
> Correct, except that the legacy way of pulling in a library is with
> #include, which can print to the output of the template that uses it.
>

--
Best regards,
 Daniel Dekany



Re: Several doubtful points on the manual

Albert Kam
Thanks for the thread explaining the best practices for the macro, function and interpolation.
So basically the conclusion that I got is that there is nothing that is --automatically-- escaped with the current stable version.
I guess it's the 'automatic' part in the manual that I pasted earlier that got me doubtful.

Regards from Jakarta,
Albert Kam



Re: Several doubtful points on the manual

Daniel Dekany
Monday, March 11, 2013, 6:03:25 AM, Albert Kam wrote:

> Thanks for the thread explaining the best practices for the macro, function and interpolation.
> So basically the conclusion that i got is that there is nothing
> that is --automatically-- escaped with the current stable version.

I guess putting the whole template inside #escape counts as automatic
escaping of ${...}-s. Well, it's not entirely automatic... but I used
to put templates into it.

> I guess its the 'automatic' part in the manual that i pasted earlier that got me doubtful.
>
> Regards from Jakarta,
> Albert Kam

--
Best regards,
 Daniel Dekany


------------------------------------------------------------------------------
Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester  
Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the  
endpoint security space. For insight on selecting the right partner to
tackle endpoint security challenges, access the full report.
http://p.sf.net/sfu/symantec-dev2dev
_______________________________________________
FreeMarker-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/freemarker-user
Reply | Threaded
Open this post in threaded view
|

Re: Several doubtful points on the manual

Albert Kam
Oh, I got what you mean now.

I was stuck with how to enable html escaping for every template, 
and ended up using the solution from here (although I skip the strip_whitespace part and add it in the configuration setting instead) : 

Thank you for your time Daniel !

Regards from Jakarta,
Albert Kam

