Java Mailing List Archive

Home » FreeMarker-user »

Re: [FreeMarker-user] ?js_string double escapes - is this wanted ?

Daniel Dekany


Replies: Find Java Web Hosting

Author LoginPost Reply
Friday, December 9, 2011, 3:56:55 PM, Grégory Joseph wrote:

> Hi there,
> Just noticed that ${"don't do this"?js_string?js_string} would
> output "don\\'t do this". Shouldn't the built-in be smart enough to
> notice when quotes are already escaped ? Or is there a good reason for this ?

There is. Simply put, this is how it's correct. Like, it's possible
that the text *literally* contains \', for with the JavaScript string
literal syntax is \\'.

> I'd rather it doesn't double-escape, so I can add ?js_string to my
> templates safely, even if some of the model's code is already doing
> escaping for some reason.

If an application tries to escape something twice, that's a bug in the
application that should be fixed. Also, it's impossible to detect if a
string was already escaped or not, because a string can contain any
combination of characters, and an escaped string has the same type as
an unescaped one (i.e., there's not EscapedString VS String class).
Surely you can make a guess, which in some concrete application
possibly good enough, but it can't be done on the
template-language-level, after all FreeMarker is used for source code
generation among others, so we can't assume that the content of a
string is in a human language, and hence can't contain \' and such.

> Thoughts ?
> Cheers,
> -greg

Best regards,
Daniel Dekany

Cloud Services Checklist: Pricing and Packaging Optimization
This white paper is intended to serve as a reference, checklist and point of
discussion for anyone considering optimizing the pricing and packaging model
of a cloud services business. Read Now!
FreeMarker-user mailing list
©2008 - Jax Systems, LLC, U.S.A.