
L. McColl-Sylvester and F. Ponticelli

"Professional haXe and Neko"

The raw expression is handy when the variable holds a fragment of (X)HTML that must be emitted as-is rather than encoded.
The following example shows the difference in output when the same variable is printed with and without ::raw.
import mtwin.templo.Loader;
import mtwin.templo.Template;

class Main
{
    public static function main()
    {
        Loader.BASE_DIR = "d:\\templates\\"; // directory holding the .mtt templates; replace with a valid dir
        Loader.TMP_DIR = "d:\\compiled\\";   // directory for the compiled templates; replace with a valid dir
        Loader.MACROS = null;                // no macro file is used in this example
        Loader.OPTIMIZED = false;
        var t = new Template("raw-template.mtt");
        // the variable deliberately contains markup and an unencoded ampersand
        var r = t.execute({ block: "<div>John & Jane</div>" });
        neko.Lib.print(r);
    }
}
The content of the template file raw-template.mtt is:
::raw block::
::block::
Finally, the output of executing the preceding code is:
<div>John & Jane</div>
&lt;div&gt;John &amp; Jane&lt;/div&gt;
Having the output of every variable HTML-encoded by default is what protects a page against HTML injection, and cross-site scripting in particular, whenever a variable carries user-supplied data.
Reserve ::raw for markup that your own code generated or already sanitized; never apply it to a value an attacker could influence.
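To make the escaped-versus-raw distinction concrete, here is an added example that is not part of the book and not Templo's code: a minimal stand-in renderer that understands only the two forms used above, ::name:: (encoded) and ::raw name:: (verbatim). The template text, the context dictionary and the attacker-style value are constructed for the example; the encoder covers the five characters that let a value break out of HTML text or an attribute value.

```python
import re

# Constructed stand-in for the behaviour described in the text. It is NOT Templo;
# it models only "::name::" (HTML-encoded) and "::raw name::" (verbatim) substitutions.
TAG_RE = re.compile(r"::(raw\s+)?([A-Za-z_][A-Za-z0-9_]*)::")


def html_encode(value: str) -> str:
    """Encode the characters that can terminate text content or an attribute value."""
    return (value.replace("&", "&amp;")   # must be first, or earlier entities get re-encoded
                 .replace("<", "&lt;")
                 .replace(">", "&gt;")
                 .replace('"', "&quot;")
                 .replace("'", "&#39;"))


def render(template: str, ctx: dict) -> str:
    """Substitute every ::name:: / ::raw name:: tag with the context value."""
    def substitute(match: re.Match) -> str:
        is_raw, name = match.group(1), match.group(2)
        value = str(ctx[name])
        return value if is_raw else html_encode(value)
    return TAG_RE.sub(substitute, template)


# The same template as raw-template.mtt: one raw and one encoded print of "block".
RAW_TEMPLATE = "::raw block::\n::block::"


def book_example() -> str:
    """Reproduce the book's two output lines for the trusted markup fragment."""
    return render(RAW_TEMPLATE, {"block": "<div>John & Jane</div>"})


def injection_example() -> tuple:
    """Constructed attacker value: raw lets the script through, encoded neutralises it."""
    hostile = "<script>alert(1)</script>"
    return (render("::raw block::", {"block": hostile}),
            render("::block::", {"block": hostile}))


if __name__ == "__main__":
    print(book_example())
    leaked, neutralised = injection_example()
    print("raw     :", leaked)
    print("encoded :", neutralised)
```

The encoding shown is correct for values placed in HTML text or inside a quoted attribute; a value inserted into a JavaScript string, a URL or an unquoted attribute needs context-specific encoding that this entity substitution does not provide, so ::raw is not the only way to reintroduce an injection.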

