Helma Logo
main list history
previous version  overview  next version

Version 15 by hannes on 20. March 2007, 12:34

Helma 1.6 contains a number of Skin/Macro enhancements that aim to make Helma's rendering infrastructure more flexible and powerful.

=== Macro pipes/filters ===

  <% text | truncate max="300" | uppercase %>

Filter functions must have a _filter suffix and get two arguments: the return value of the previous macro/filter in the chain, and a parameter object with the attributs in the filter tag. They are expected to return the filtered macro output. Macro and filter return values are converted to string only at the end of the chain. It is therefore possible to pass other objects between macros and filters:

  <% now | format %>
  
  function now_macro(param) {
    return new Date();
  }
  
  function format_filter(arg, param) {
    return arg.format();
  }

You can use regular expressions directly as filters:

  var regexp_filter = new RegExp("\\w*");

=== Deep/Reach-through macro invocation ===

Helma 1.6 allows macros to be invoked over several property path links.

  <% page.author.name %>

Since deep macro invocation poses a potential security risk for applications that support skins by untrusted users, this feature is disabled by default and must be enabled with the allowDeepMacros setting in app.properties or server.properties file:

  allowDeepMacros = true

=== Nested Macros ===

Helma 1.6 allows macros as macro attribute values.

  <% page.link content=<% messages.storylink %> %>

The main reasons to reject this over the years have been that this is ugly, and that it results in unreadable skins. But then, isn't recursion one of the coolest concepts in programming? If you think it's ugly, just don't use it. Otherwise, it may save you a handsome amount of macro writing.

=== Fix quoted parameter parsing ===

In Helma 1.5 and earlier, a "%>" sequence was interpreted as macro end tag even if it was contained in a quoted parameter string. Helma 1.6 fixes this, making it possible to pass strings containing macro tags as parameter values to be rendered as skin by the macro function.

=== Positional macro parameters ===

In addition to named parameters, macro functions can now be invoked with positional parameters. If the attribute name and equals sign is omitted from an parameter, it is interpreted as positional parameter. Positional parameters are passed to macro and filter functions after the parameter object containing any named parameters.

  <% image "dancer.gif" alt="Helma dancing her feet off" %>
  
  function image_macro(param, imageName) { ... }

=== New standard failmode attribute ===

Helma macros support a new standard attribute, in addition to <code>prefix</code>, <code>suffix</code>, <code>default</code> and <code>encoding</code>.

The <code>failmode</code> attribute, if defined, will cause error messages for failed or unresolved macros to be generated or suppressed.

  <% failLoudly failmode="verbose" %>
  <% failQuitely failmode="silent" %>

The default value is silent for request/response/session/param handlers, and verbose for app object handlers (mimicking implicit Helma 1.5 behaviour).

=== Compatibility issues ===

All the changes and new features in Helma 1.6 skins are backwards compatible with Helma 1.5.

=== Security issues ===

The one know security implication introduced by the new features is with deep/reach-through macro invocation and untrusted skin authors, since it allows skin authors to reach objects that may not be meant to be reached. Therefore, this feauture is disabled by default and must be activated using the allowDeepMacros property.

The other new features should not affect security, since it just allows to call macros that were already callable before. The skin sandboxing feature hasn't changed and works the same as before. Macro filters are currently not affected by the sandbox.

=== Known bugs ===


     removed
     added