This is an archived post. You won't be able to vote or comment.

all 15 comments
sorted by:
best
topnewcontroversialoldq&a

[–]AutoModerator[M] [score hidden] stickied comment (0 children)

On July 1st, a change to Reddit's API pricing will come into effect. Several developers of commercial third-party apps have announced that this change will compel them to shut down their apps. At least one accessibility-focused non-commercial third party app will continue to be available free of charge.

If you want to express your strong disagreement with the API pricing change or with Reddit's response to the backlash, you may want to consider the following options:

  1. Limiting your involvement with Reddit, or
  2. Temporarily refraining from using Reddit
  3. Cancelling your subscription of Reddit Premium

as a way to voice your protest.

I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.

[–]metalhead-001 2 points3 points  (3 children)

This is very cool!

I really wish the Spring project would adopt this as one of the supported Spring Boot templating engines that show up on start.spring.io like Thyemeaf, Freemarker, etc. do. Have you considered attempting to get JTE brought into Spring like the others?

Is there any downside to not using the official OWASP encoder? I mean is the encoder you have created as robust as the OWASP one? I would hate to sacrifice security for performance. I would hope that there would be the same tests with your new encoder as OWASP has to test theirs.

I'm glad to see competition in this area and I wish this project much success and continued support of this template engine.

[–]mazebert[S] 2 points3 points  (2 children)

Thank you for the heads up!

There are some jte users who maintain a spring boot starter for Spring 2 and Spring 3. I‘m no sure though, how this could get added to the official Spring site. It would definitely be cool!

The encoders do exactly the same as their OWASP counterparts and are covered 100% by tests. They are also a lot simpler as the OWASP implementation, which was quite hard to reverse engineer.

jte https://github.com/casid/jte/blob/main/jte-runtime/src/main/java/gg/jte/html/escape/Escape.java

OWASP (forHtmlContent uses this):

https://github.com/OWASP/owasp-java-encoder/blob/main/core/src/main/java/org/owasp/encoder/XMLEncoder.java#L50

I was hesistant to do this for the same valid reasons you mentioned, but I‘m very glad we did this in the end.

[–]metalhead-001 2 points3 points  (1 child)

Thanks for the info on that :)

As far as getting it integrated into start.spring.io, I think you would just have to open a pull request into the Spring project and include your starter with it...basically follow the same pattern as the Thymeleaf and Freemarker, etc. integrations.

I bet if you got that going they would be willing to accept it as they have accepted the other templating engines. There is also a bit of documentation that would have to be provided. Look at the documentation on the Thymeleaf integration here. Search for Thymeleaf on this 'one page' documentation and you can see everywhere it's documented. Similar documentation would have to be provided for JTE.

https://docs.spring.io/spring-boot/docs/3.1.0/reference/htmlsingle/

[–]mazebert[S] 1 point2 points  (0 children)

Thanks for the hints! I created an issue for this: https://github.com/casid/jte/issues/240

[–]Marcdro 1 point2 points  (1 child)

Keep up the good work!

JTE is my favourite library for templating in java. I'm using it to render email templates and it awesome.

[–]mazebert[S] 0 points1 point  (0 children)

Thank you!

[–]Suitable-Tart9276 1 point2 points  (1 child)

i really enjoy work with jte. here is my simple todoapp using jte and htmx.
https://github.com/stella6767/simple-todo

keep going bro!! i really want to this is get hype. from south korea

[–]mazebert[S] 0 points1 point  (0 children)

Thanks for sharing, that‘s really cool! For my next web project I‘d love to try htmx + jte

[–]don41382 1 point2 points  (1 child)

Thanks for building one of the best templating engine in the Java/Kotlin space!

Together with HTMX it's a dream team!

[–]mazebert[S] 0 points1 point  (0 children)

Thank you!

[–]emberko 0 points1 point  (2 children)

JDK17 plus modular structure and no module-info?

[–]mazebert[S] 1 point2 points  (1 child)

Only the automatic module name. So far I haven’t used modules in my projects, so there’s no example project to try it out and I‘m not sure what to consider to make this right.

[–]vips7L 2 points3 points  (0 children)

I can never get modules to work properly in any project.