Expansions, the ${...} mechanism, will automatically filter the text,
converting diallowed characters into XML/HTML entities.
Tapestry 5 renders to a DOM-like tree, then streams the output. I
have yet to implement a mechanism for supporting "raw" output, the way
Tapestry 4 does, but it is coming. To access that, there will
probably be a component for the purpose.
I'm thinking of a component, Output, that takes a value, an optional
java.text.Format, and a raw flag as parameters. Basically, pretty
similar to Insert ... but I need to make a change to MarkupWriter and
some other things first.
On 2/1/07, Jiří Mareš <[EMAIL PROTECTED]> wrote:
Hi,
I just saw the last screecast about tapestry 5 and I would like to ask
about usign ${currentTime} construct in the page template for outputing
the properties. How it is with the escaping < > & characters (due to
XSS)? Have I any control about escaping or have I to do it on my own ...
Thanks
--
Jiri Mares (mailto:[EMAIL PROTECTED])
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Howard M. Lewis Ship
TWD Consulting, Inc.
Independent J2EE / Open-Source Java Consultant
Creator and PMC Chair, Apache Tapestry
Creator, Apache HiveMind
Professional Tapestry training, mentoring, support
and project work. http://howardlewisship.com
