Hello all,
We observed that some escaping scenarios are tricky to handle, and it would be interesting to provide more helpers to cover those scenarios.
The use case I have in mind is the escaping of wiki macro parameters when the macro expects an array or a collection. But I’m sure we can find others were we’d like to have helpers to ease escaping and prevent mistakes.
As an example, doing a valid escaping for the use case presented above looks like this.
#set ($eval = $services.rendering.escape($escapetool.java($value), 'xwiki/2.1'))
{{translation key="..." parameters="~"$eval~""/}}
And here, every bit counts:
- the call to
$escapetool.java
- the call to
$services.rendering.escape(..., 'xwiki/2.1')
- wrapping the parameter in
~"...~"
So the question is, where do think is the best location for those escape helpers?
-
Option 1: In
org.xwiki.velocity.tools.EscapeTool
(see my draft PR to introduce$escapetool.xwiki21.parameterArray
) -
Option 2: in the
rendering
script service - Option 3: in both places (with the same implementations, just called from two different locations).
While option 3 is probably the best for discoverability, it can be misleading to have two ways to do the same thing.
I’d personally opt for option 1 or 2 (even though my PR follows option 1, it not a sign of preference for that option).
WDYT?