Velocity user discussion

Antonio Petrelli | 1 Feb 09:36

Picon

Re: [TOOLS] Trouble building 2.0.x

2012/2/1 Christopher Schultz <chris <at> christopherschultz.net>

> Antonio,
>
> On 1/31/12 6:11 PM, Christopher Schultz wrote:
> > No problem: just check it out from svn (done) and build:
>
> I forgot to mention that I downloaded the Velocity 1.7 tag. I wasn't
> sure if trunk would be a good idea in this case.
>

The problem is that Tools 2.1.0-SNAPSHOT depends on Velocity
2.0.0-SNAPSHOT, that depends on velocity-master 1-SNAPSHOT.
IOW, everything is ready to use Maven as the main builder for the next
iteration, so you have to build everything at once or nothing at all.

Antonio

Christopher Schultz | 1 Feb 20:29

Re: [TOOLS] Trouble building 2.0.x

Antonio,

On 2/1/12 3:36 AM, Antonio Petrelli wrote:
> 2012/2/1 Christopher Schultz <chris <at> christopherschultz.net>
> 
>> Antonio,
>>
>> On 1/31/12 6:11 PM, Christopher Schultz wrote:
>>> No problem: just check it out from svn (done) and build:
>>
>> I forgot to mention that I downloaded the Velocity 1.7 tag. I wasn't
>> sure if trunk would be a good idea in this case.
>>
> 
> The problem is that Tools 2.1.0-SNAPSHOT depends on Velocity
> 2.0.0-SNAPSHOT, that depends on velocity-master 1-SNAPSHOT.
> IOW, everything is ready to use Maven as the main builder for the next
> iteration, so you have to build everything at once or nothing at all.

So, if I want to work on Tools, I need to use tools/trunk, and
velocity/trunk. Back-porting is going to be a big mess :(

-chris

Antonio Petrelli | 2 Feb 09:19

Picon

Re: [TOOLS] Trouble building 2.0.x

2012/2/1 Christopher Schultz <chris <at> christopherschultz.net>

> Antonio,
>
> On 2/1/12 3:36 AM, Antonio Petrelli wrote:
> > 2012/2/1 Christopher Schultz <chris <at> christopherschultz.net>
> >
> >> Antonio,
> >>
> >> On 1/31/12 6:11 PM, Christopher Schultz wrote:
> >>> No problem: just check it out from svn (done) and build:
> >>
> >> I forgot to mention that I downloaded the Velocity 1.7 tag. I wasn't
> >> sure if trunk would be a good idea in this case.
> >>
> >
> > The problem is that Tools 2.1.0-SNAPSHOT depends on Velocity
> > 2.0.0-SNAPSHOT, that depends on velocity-master 1-SNAPSHOT.
> > IOW, everything is ready to use Maven as the main builder for the next
> > iteration, so you have to build everything at once or nothing at all.
>
> So, if I want to work on Tools, I need to use tools/trunk, and
> velocity/trunk. Back-porting is going to be a big mess :(
>

The question is: is backporting necessary?

Antonio

Christopher Schultz | 2 Feb 16:39

Re: [TOOLS] Trouble building 2.0.x

Antonio,

On 2/2/12 3:19 AM, Antonio Petrelli wrote:
> 2012/2/1 Christopher Schultz <chris <at> christopherschultz.net>
> 
>> Antonio,
>>
>> On 2/1/12 3:36 AM, Antonio Petrelli wrote:
>>> 2012/2/1 Christopher Schultz <chris <at> christopherschultz.net>
>>>
>>>> Antonio,
>>>>
>>>> On 1/31/12 6:11 PM, Christopher Schultz wrote:
>>>>> No problem: just check it out from svn (done) and build:
>>>>
>>>> I forgot to mention that I downloaded the Velocity 1.7 tag. I wasn't
>>>> sure if trunk would be a good idea in this case.
>>>>
>>>
>>> The problem is that Tools 2.1.0-SNAPSHOT depends on Velocity
>>> 2.0.0-SNAPSHOT, that depends on velocity-master 1-SNAPSHOT.
>>> IOW, everything is ready to use Maven as the main builder for the next
>>> iteration, so you have to build everything at once or nothing at all.
>>
>> So, if I want to work on Tools, I need to use tools/trunk, and
>> velocity/trunk. Back-porting is going to be a big mess :(
>>
> 
> The question is: is backporting necessary?

(Continue reading)

Chad La Joie | 4 Feb 16:58

Most efficient evaluation

I'm looking for the most efficient/performant way to evaluate a
template and have some questions surrounding this.

1. Are Template objects reusable and thread safe?  If they're just
ASTs, it seems like they should be.

2. Does the Velocity/VelocityEngine class cache compiled templates (as
Template objects or anything else)?

3. If yes to both above, is there really any difference between
calling Velocity[Engine].merge and Template.merge?

Thanks.

--

-- 
Chad La Joie
www.itumi.biz
trusted identities, delivered

Nathan Bubna | 4 Feb 17:44

Picon

Re: Most efficient evaluation

On Sat, Feb 4, 2012 at 7:58 AM, Chad La Joie <lajoie <at> itumi.biz> wrote:
> I'm looking for the most efficient/performant way to evaluate a
> template and have some questions surrounding this.
>
> 1. Are Template objects reusable and thread safe?  If they're just
> ASTs, it seems like they should be.

Yes, but you shouldn't have to directly interact with Template
objects, because...

> 2. Does the Velocity/VelocityEngine class cache compiled templates (as
> Template objects or anything else)?

... they are handled (and yes, cached, if you want) internally.  You
just turn caching on.  See User's Guide for more info.

> 3. If yes to both above, is there really any difference between
> calling Velocity[Engine].merge and Template.merge?

Mostly in that VelocityEngine is the API users are expected to use and
Template is really much more of an "internal" class for advanced
purposes.

> Thanks.
>
> --
> Chad La Joie
> www.itumi.biz
> trusted identities, delivered
>

(Continue reading)

Chad La Joie | 6 Feb 13:17

Validate templates before use

Is there a way to "validate" a template prior to using it?  I'd like
to check that some user supplied templates are, at least, parsable
during system startup.

Thanks.

--

-- 
Chad La Joie
www.itumi.biz
trusted identities, delivered

sebb | 6 Feb 15:41

Picon

Re: Validate templates before use

On 6 February 2012 12:17, Chad La Joie <lajoie <at> itumi.biz> wrote:
> Is there a way to "validate" a template prior to using it?  I'd like
> to check that some user supplied templates are, at least, parsable
> during system startup.

Just because it's parseable does not mean it's safe to use ...
allowing an end-user to provide a template without manual checking
sounds like a recipe for inviting exploits.

But perhaps I'm missing something here, and you have some other way of
protecting against valid (but faulty or malicious) templates.

> Thanks.
>
> --
> Chad La Joie
> www.itumi.biz
> trusted identities, delivered
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe <at> velocity.apache.org
> For additional commands, e-mail: user-help <at> velocity.apache.org
>

Chad La Joie | 6 Feb 15:44

Re: Validate templates before use

On Mon, Feb 6, 2012 at 09:41, sebb <sebbaz <at> gmail.com> wrote:
> Just because it's parseable does not mean it's safe to use ...
> allowing an end-user to provide a template without manual checking
> sounds like a recipe for inviting exploits.

There's nothing I can do about that.  If the user wants to write a
template that exploits their own system, that's up to them.  I'm just
trying to provide what checking I can at startup time.

--

-- 
Chad La Joie
www.itumi.biz
trusted identities, delivered

Guillaume Polet | 6 Feb 15:58

Picon

Re: Validate templates before use

I would go for the fundamentals of the developer guide:
http://velocity.apache.org/engine/releases/velocity-1.7/developer-guide.html

// If not done yet, init an engine (here the one of the singleton pattern but there is a non-static call that
you can do if you don't use the singleton pattern engine)
Velocity.init();

Template template = null;
try {
   // Call getTemplate will automatically look up the template and parse it.
   template = Velocity.getTemplate("mytemplate.vm");
} catch( ResourceNotFoundException rnfe ) {
    // This should not happen in your case (although it could)
} catch( ParseErrorException pee ) {
    // Well pretty obvious that the template is not correct
} catch( MethodInvocationException mie ) {
    // I don't remember in which case this exception is thrown.
} catch( Exception e ) {
}

Cheers,
Guillaume

Le 6/02/2012 15:44, Chad La Joie a écrit :
> On Mon, Feb 6, 2012 at 09:41, sebb<sebbaz <at> gmail.com>  wrote:
>> Just because it's parseable does not mean it's safe to use ...
>> allowing an end-user to provide a template without manual checking
>> sounds like a recipe for inviting exploits.
> There's nothing I can do about that.  If the user wants to write a
> template that exploits their own system, that's up to them.  I'm just

(Continue reading)

Group

gmane.comp.jakarta.velocity.user.

Search Archive

Page

1 | 2 | 3

Articles in period: 24

February 2012

Language

Change language

Options

Current view: Threads only / Showing only 20 lines / Not hiding cited text.
Change to All messages, whole messages, or hide cited text.

Post a message
NNTP Newsgroup
Classic Gmane web interface
XML

XML

RSS Feed
List Information

About Gmane

Recent entries

Added Velocity language parser to CodeMirror (19 May 09:11)
More 1.7 BC issues (porting from 1.5) (3 May 20:17)
is it possible to maintain a foreach directive after a VelocityEngine. (30 Apr 20:44)
upgrading from 1.5 to 1.7 compatibility issues (30 Apr 18:55)
upgrading from 1.5 to 1.7 compatibility issues (30 Apr 17:49)
Configuring number of parsers and buffer sizes (27 Apr 02:59)
Velocity to generate GWT Code (19 Apr 18:23)
getting session id (18 Apr 20:46)
Handling of primitive type arrays (18 Apr 19:51)
ReferenceInsertionEventHandler (30 Mar 15:45)
Velocity engine 2.0 release (26 Mar 15:47)
Velocity syntax (26 Mar 09:36)
issue with vm code not being interpreted (22 Mar 09:26)
[ANNOUNCE] Velosurf 2.3 (9 Mar 17:45)
Minimum version for Velocity and Velocity Tools? (7 Mar 18:06)
[tools] Generating XHTML-compliant Javascript with ValidatorTool (6 Mar 02:15)
formatting issues in Swedish characters in linux (1 Mar 08:08)
Odd error message regarding persistence (13 Feb 15:19)
Dynamic Templates (9 Feb 23:47)
Validate templates before use (6 Feb 13:17)
Most efficient evaluation (4 Feb 16:58)

Archives

14	May 2012
30	April 2012
26	March 2012
22	February 2012
55	January 2012
5	December 2011
9	November 2011
13	October 2011
13	September 2011
10	August 2011
100	July 2011
43	June 2011
26	May 2011
11	April 2011
31	March 2011
21	February 2011
25	January 2011
19	December 2010
28	November 2010
11	October 2010
61	September 2010
13	August 2010
14	July 2010
25	June 2010
25	May 2010
38	April 2010
76	March 2010
15	February 2010
41	January 2010
24	December 2009
17	November 2009
19	October 2009
27	September 2009
41	August 2009
68	July 2009
49	June 2009
49	May 2009
68	April 2009
78	March 2009
87	February 2009
106	January 2009
127	December 2008
67	November 2008
86	October 2008
60	September 2008
58	August 2008
76	July 2008
99	June 2008
90	May 2008
64	April 2008
52	March 2008
57	February 2008
64	January 2008
62	December 2007
56	November 2007
48	October 2007
70	September 2007
69	August 2007
89	July 2007
73	June 2007
142	May 2007
79	April 2007
145	March 2007
82	February 2007
111	January 2007
116	December 2006
45	November 2006
111	October 2006
88	September 2006
109	August 2006
103	July 2006
65	June 2006
126	May 2006
138	April 2006
103	March 2006
105	February 2006
115	January 2006
53	December 2005
138	November 2005
236	October 2005
162	September 2005
143	August 2005
155	July 2005
161	June 2005
217	May 2005
260	April 2005
202	March 2005
181	February 2005
194	January 2005
196	December 2004
235	November 2004
278	October 2004
195	September 2004
139	August 2004
203	July 2004
201	June 2004
153	May 2004
191	April 2004
330	March 2004
218	February 2004
321	January 2004
256	December 2003
228	November 2003
239	October 2003
146	September 2003
82	August 2003
257	July 2003
252	June 2003
210	May 2003
239	April 2003
183	March 2003
308	February 2003
231	January 2003
197	December 2002
244	November 2002
438	October 2002
227	September 2002
278	August 2002
359	July 2002
233	June 2002
486	May 2002
538	April 2002
266	March 2002

Design

Zawodny | Right Menu | Left Menu

Your Own Design

Paste the URL of your CSS below. Download CSS template