Putting generated html code into a template

[Mat Jaggard]

I have a template like this:

<!--$extends skeleton.html-->
<div id="bodyarea">
${myGeneratedCode}
</div>

and then I'm doing this in my Java code:

Template t = tempFactProv.get("admin/EditPageForm.html").createTemplate();
t.setProperty("myGeneratedCode ", getHTMLCode());
t.printTo(resp.getWriter());

but the HTML code I've generated is converted to &lt; etc. which has
been pretty useful in other places, but here I need to just send the
code directly. How can I do this?

[Erdinc Yilmazel]

Hi Mat,

Use %{myGeneratedCode} instead of ${myGeneratedCode}

See: https://code.google.com/p/cambridge/wiki/TemplateAuthorsGuide#Printing_object_values

Thanks,

Erdinc

[Jon Stevens]

Also, be 100% sure that you trust that HTML. ;-)

jon

[Mat Jaggard]

Great, thanks.

I'm doing the following, is this safe?

t.setProperty("myGeneratedCode", "<input name=\"static_name\"
value=\"" + EscapeFilter.doFilter(previouslySubmittedValue) + "\"/>");

[Erdinc Yilmazel]

It looks safe to me.

[Jon Stevens]

That is safe, but sane, I don't know. ;-) I try to keep that sort of html out of Java. I've found that spending a lot of effort to write java code to do tools like that is just a bad idea. What happens when you want to generate the form on the client side using something like handlebars? Or... what happens when you want your UX designer to work on the templates and they don't know anything about java?

jon

[Mat Jaggard]

Yeah, that's fair point. I'm doing a bit of a hack here I know.