[jira] [Updated] (TEXT-74) StrSubstitutor: Ability to turn off substitution in values

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[jira] [Updated] (TEXT-74) StrSubstitutor: Ability to turn off substitution in values

JIRA jira@apache.org

     [ https://issues.apache.org/jira/browse/TEXT-74?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Arend v. Reinersdorff updated TEXT-74:
--------------------------------------
    Description:
In StrSubstitutor variable replacement works in a recursive way. And currently there's no way to turn this off.

Why turn it off: I want to replace some variables in a simple template. Some of the replacemnt values are arbitrary user input.

At the moment I escape all dollar signs in the replacement values with "$$". This is annoying. Especially as I use one template with variables as a value for another variable. Here I have to escape twice.

Here's some example code. At the moment it prints:
{code}
Hello Hamburg from Hamburg
{code}
The commented line is my suggestion for this feature. If it works, it should print:
{code}
Hello ${city} from Hamburg
{code}

{code}
// untrusted user input
String userInputName = "${city}";
String userInputCity = "Hamburg";

Map<String, String> valueMap = new HashMap<>();
valueMap.put("name", userInputName);
valueMap.put("city", userInputCity);

String source = "Hello ${name} from ${city}";

StrSubstitutor strSubstitutor = new StrSubstitutor(valueMap);
// strSubstitutor.setEnableSubstitutionInValues(false);
System.out.println(strSubstitutor.replace(source));
{code}

  was:
In StrSubstitutor variable replacement works in a recursive way. And currently there's no way to turn this off.

Why turn it off: I want to replace some variables in a simple template. Some of the replacemnt values are arbitrary user input.

At the moment I escape all dollar signs in the replacement values with "$$". This is annoying. Especially as I use one template with variables as a value for another variable. Here I have to escape twice.

Here's some example code. At the moment it prints:
{code}
Hello Hamburg from Hamburg

{code}
The commented line is my suggestion for this feature. If it works, it should print:
{code}
Hello ${city} from Hamburg
{code}

{code}
// untrusted user input
String userInputName = "${city}";
String userInputCity = "Hamburg";

Map<String, String> valueMap = new HashMap<>();
valueMap.put("name", userInputName);
valueMap.put("city", userInputCity);

String source = "Hello ${name} from ${city}";

StrSubstitutor strSubstitutor = new StrSubstitutor(valueMap);
// strSubstitutor.setEnableSubstitutionInValues(false);
System.out.println(strSubstitutor.replace(source));
{code}


> StrSubstitutor: Ability to turn off substitution in values
> ----------------------------------------------------------
>
>                 Key: TEXT-74
>                 URL: https://issues.apache.org/jira/browse/TEXT-74
>             Project: Commons Text
>          Issue Type: Improvement
>            Reporter: Arend v. Reinersdorff
>            Priority: Minor
>              Labels: features
>             Fix For: 1.x
>
>
> In StrSubstitutor variable replacement works in a recursive way. And currently there's no way to turn this off.
> Why turn it off: I want to replace some variables in a simple template. Some of the replacemnt values are arbitrary user input.
> At the moment I escape all dollar signs in the replacement values with "$$". This is annoying. Especially as I use one template with variables as a value for another variable. Here I have to escape twice.
> Here's some example code. At the moment it prints:
> {code}
> Hello Hamburg from Hamburg
> {code}
> The commented line is my suggestion for this feature. If it works, it should print:
> {code}
> Hello ${city} from Hamburg
> {code}
> {code}
> // untrusted user input
> String userInputName = "${city}";
> String userInputCity = "Hamburg";
> Map<String, String> valueMap = new HashMap<>();
> valueMap.put("name", userInputName);
> valueMap.put("city", userInputCity);
> String source = "Hello ${name} from ${city}";
> StrSubstitutor strSubstitutor = new StrSubstitutor(valueMap);
> // strSubstitutor.setEnableSubstitutionInValues(false);
> System.out.println(strSubstitutor.replace(source));
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
Loading...