casid / jte

Secure and speedy templates for Java and Kotlin.
https://jte.gg
Apache License 2.0

String input instead of file input #352

Closed M-Plu closed 7 months ago

M-Plu commented 7 months ago

Hi,

currently I create the jte-files as templates.

Sometimes I do not have a file but a short string containing the jte-file-content. Is there a way to use this string directly as an input instead of a template file?

If there is no possibility at the moment, would it be possible to add a String input in the future?

casid commented 7 months ago

Hey @M-Plu,

I'm not entirely sure what you want to try to achieve. Maybe you could provide a code example of what you want to do?

Cheers!

M-Plu commented 7 months ago

Hey @casid

sure. Currently I have JTE files in the project resources. Then I use the following code to create a string output with these files.

```java
// Templates are resolved from this classpath resource folder
CodeResolver codeResolver = new ResourceCodeResolver("de/svws_nrw/module/reporting");
TemplateEngine templateEngine = TemplateEngine.create(codeResolver, ContentType.Html);
templateEngine.setTrimControlStructures(true);
StringOutput output = new StringOutput();
// Render the template file jte/schule.jte with the model object reportingSchule
templateEngine.render("jte/schule.jte", reportingSchule, output);
```

So the CodeResolver needs a folder and the templateEngine.render method needs a file.

What I would like to do is pass a string (with the content of a JTE file) to the templateEngine.render method, e.g.

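```java
// Template source held in a string instead of a file
var myString = """
@import ...
@param ...""";

// Requested in this post: a resolver that needs no folder (highlighted as "String" in the original)
CodeResolver codeResolver = new StringCodeResolver();
TemplateEngine templateEngine = TemplateEngine.create(codeResolver, ContentType.Html);
templateEngine.setTrimControlStructures(true);
StringOutput output = new StringOutput();
// Requested in this post: pass the template content itself instead of a file name
templateEngine.render(myString, reportingSchule, output);
```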

I hope that makes sense to you. Thank you for your help.

kelunik commented 7 months ago

Could you share some details on your use case?

M-Plu commented 7 months ago

Currently we test JTE as a replacement for thymeleaf.

We have created a server-side PDF-Reporting with thymeleaf and OpenHtmlToPDF.

One plan is to store those html-templates in the DB of the project (instead of the resources of the project). So it would be nice to pass the html-template from DB directly to the template-engine.

With thymeleaf this is possible, in JTE I did not find a way to do the same.

casid commented 7 months ago

@M-Plu you could implement the CodeResolver interface, so that templates are loaded from the database.

However, I wouldn't recommend jte for your use case.

First, there probably won't be any IDE support for templates in the database, so maintaining the templates could easily become a pain, since jte without code completion is pretty hard to write. Think of Java without an IDE.

Second, you would need to run a JDK compiler in production. When a bad actor somehow is able to insert a jte template in your database, it will be compiled and you instantly have a remote code execution problem.

jte is really meant to be used in a way like regular code. Part of the repository and precompiled before running in production, like regular Java code.

Hope this helps with your decision!
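A sketch of the custom `CodeResolver` mentioned above that fails closed on the remote code execution risk. It is an added example, not code from this thread or from jte. The class name `PinnedCodeResolver`, the in-memory maps standing in for the database, and the digest-pinning scheme are assumptions, as is a jte version whose `CodeResolver` has `resolve(String)` and `getLastModified(String)` as its abstract methods (Java 17+ for `HexFormat`).

```java
import gg.jte.CodeResolver;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HexFormat;
import java.util.Map;

// Added example (hypothetical class, not part of jte): source is returned only when its
// SHA-256 matches a digest shipped with the application rather than stored with the data.
public final class PinnedCodeResolver implements CodeResolver {
    private final Map<String, String> store; // stand-in for the database table
    private final Map<String, String> pins;  // template name -> reviewed hex digest

    public PinnedCodeResolver(Map<String, String> store, Map<String, String> pins) {
        this.store = Map.copyOf(store);
        this.pins = Map.copyOf(pins);
    }

    @Override
    public String resolve(String name) {
        String source = store.get(name);
        if (source == null) return null; // unknown template, nothing to compile
        String expected = pins.get(name);
        if (expected == null || !expected.equals(sha256Hex(source))) {
            // Fail closed: unreviewed source never reaches the compiler.
            throw new SecurityException("template " + name + " does not match its pinned digest");
        }
        return source;
    }

    @Override
    public long getLastModified(String name) {
        return 0L; // pinned content cannot change without a new build
    }

    static String sha256Hex(String text) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            return HexFormat.of().formatHex(md.digest(text.getBytes(StandardCharsets.UTF_8)));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-256 is mandatory on every JVM
        }
    }

    public static void main(String[] args) { // constructed sample data
        String reviewed = "@param String title\n<h1>${title}</h1>\n";
        Map<String, String> pins = Map.of("report.jte", sha256Hex(reviewed));
        System.out.println(new PinnedCodeResolver(Map.of("report.jte", reviewed), pins).resolve("report.jte").equals(reviewed));
        CodeResolver edited = new PinnedCodeResolver(Map.of("report.jte", reviewed + "<p>edited in the database</p>"), pins);
        try { edited.resolve("report.jte"); } catch (SecurityException e) { System.out.println(e.getMessage()); }
    }
}
```

Pinning means a template cannot be changed in the database without a new release, which keeps the review step that precompiled templates get. It does not remove the JDK compiler from production.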

M-Plu commented 7 months ago

@casid Thank you for your feedback and opinion. We will keep it in mind.