http://freemarker.org/docs/ref_builtins_string.html
Page Contents
- boolean
- cap_first
- capitalize
- chop_linebreak
- contains
- date, time, datetime
- ends_with
- ensure_ends_with
- ensure_starts_with
- esc
- groups
- html (deprecated)
- index_of
- j_string
- js_string
- json_string
- keep_after
- keep_after_last
- keep_before
- keep_before_last
- last_index_of
- left_pad
- length
- lower_case
- matches
- no_esc
- number
- replace
- right_pad
- remove_beginning
- remove_ending
- rtf (deprecated)
- split
- starts_with
- string (when used with a string value)
- substring (deprecated)
- trim
- uncap_first
- upper_case
- url
- url_path
- word_list
- xhtml (deprecated)
- xml (deprecated)
- Common flags
These built-ins act on a string left-value. However, if the left-value is number or date/time/date-time or boolean (since 2.3.20), it will automatically converted to string according the current number-, date/time/date-time- and boolean-format settings (which are the same formatters that are applied when inserting such values with ${...}
).
boolean
The string converted to boolean value. The string must be true
or false
(case sensitive!), or must be in the format specified by theboolean_format
setting.
If the string is not in the appropriate format, an error will abort template processing when you try to access this built-in.
cap_first
The string with the very first word of the string capitalized. For the precise meaning of ``word‘‘ see the word_list built-in. Example:
${" green mouse"?cap_first} ${"GreEN mouse"?cap_first} ${"- green mouse"?cap_first}
The output:
Green mouse GreEN mouse - green mouse
In the case of "- green mouse"
, the first word is the -
.
capitalize
The string with all words capitalized. For the precise meaning of ``word‘‘ see the word_list built-in. Example:
${" green mouse"?capitalize} ${"GreEN mouse"?capitalize}
The output:
Green Mouse Green Mouse
chop_linebreak
The string without the line-break at its very end if there was a line-break, otherwise the unchanged string.
contains
Note:
This built-in is available since FreeMarker 2.3.1. It doesn‘t exist in 2.3.
Returns if the substring specified as the parameter to this built-in occurrs in the string. For example:
<#if "piceous"?contains("ice")>It contains "ice"</#if>
This will output:
It contains "ice"
date, time, datetime
The string value converted to a date, time, or date-time value. It will expect the format specified by the date_format
, time_format
anddatetime_format
settings. If the string is not in the appropriate format, an error will abort template processing when you try to access this built-in.
<#-- The date_format, time_format and datetime_format settings must match this format! --> <#assign someDate = "Oct 25, 1995"?date> <#assign someTime = "3:05:30 PM"?time> <#assign someDatetime = "Oct 25, 1995 03:05:00 PM"?datetime> <#-- Changing the setting value changes the expected format: --> <#setting datetime_format="iso"> <#assign someDatetime = "1995-10-25T15:05"?datetime>
You can also specify the format explicitly like ?datetime.format
(and hence also as ?datetime["format"]
) or ?datetime("format")
; these three forms do the same. The format can be specified similarly with ?date
and ?time
too. For the syntax and meaning of format values see the possible values of the date_format
, time_format
and datetime_format
settings. Example:
<#-- Parsing XML Schema xs:date, xs:time and xs:dateTime values: --> <#assign someDate = "1995-10-25"?date.xs> <#assign someTime = "15:05:30"?time.xs> <#assign someDatetime = "1995-10-25T15:05:00"?datetime.xs> <#-- Parsing ISO 8601 (both extended and basic formats): --> <#assign someDatetime = "1995-10-25T15:05"?datetime.iso> <#assign someDatetime = "19951025T1505"?datetime.iso> <#-- Parsing with SimpleDateFormat patterns: --> <#assign someDate = "10/25/1995"?date("MM/dd/yyyy")> <#assign someTime = "15:05:30"?time("HH:mm:ss")> <#assign someDatetime = "1995-10-25 03:05 PM"?datetime("yyyy-MM-dd hh:mm a")> <#-- Parsing with custom date formats: --> <#assign someDatetime = "October/25/1995 03:05 PM"[email protected]>
To prevent misunderstandings, the left-hand value need not be a string literal. For example, when you read data from XML DOM (from where all values come as unparsed strings), you may do things like order.confirmDate?date.xs
to convert the string value to a real date.
Of course, the format also can be a variable, like in "..."?datetime(myFormat)
.
Note that since 2.3.24, these built-ins can also be called with 0 arguments, like ?date()
. It‘s almost the same as just writing ?date
. The difference is highly technical and rarely matters: ?date()
and such returns exactly the same Java object that the date parser (freemarker.core.TemplateDateFormat
implementation) returns, while ?date
without the ()
returns a tricky wrapper value that‘s a date and a method and hash on the same time.
ends_with
Returns whether this string ends with the substring specified in the parameter. For example "ahead"?ends_with("head")
returns booleantrue
. Also, "head"?ends_with("head")
will return true
.
ensure_ends_with
Note:
This built-in is available since FreeMarker 2.3.21.
If the string doesn‘t end with the substring specified as the 1st parameter, it adds it after the string, otherwise it returns the original string. For example, both "foo"?ensure_ends_with("/")
and "foo/"?ensure_ends_with("/")
returns "foo/"
.
ensure_starts_with
Note:
This built-in is available since FreeMarker 2.3.21.
If the string doesn‘t start with the substring specified as the 1st parameter, it adds it before the string, otherwise it returns the original string. For example, both "foo"?ensure_starts_with("/")
and "/foo"?ensure_starts_with("/")
returns "/foo"
.
If you specify two parameters, then the 1st parameter is interpreted as a Java regular expression, and if it doesn‘t match the beginning of the string, then the string specified as the 2nd parameter is added before the string. For example someURL?ensure_starts_with("[a-zA-Z]+://", "http://")
will check if the string starts with something that matches "[a-zA-Z]+://"
(note that no ^
is needed), and if it doesn‘t, it prepends "http://"
.
This method also accepts a 3rd flags parameter. As calling with 2 parameters implies "r"
there (i.e., regular expression mode), you rarely need this. One notable case is when you don‘t want the 1st parameter to be interpreted as a regular expression, only as plain text, but you want the comparison to be case-insensitive, in which case you would use "i"
as the 3rd parameter.
esc
Note:
This built-in is available since FreeMarker 2.3.24.
Escapes the value with the current output format, and prevents the auto-escaping of the returned value (to avoid double escaping). Because of auto-escaping, you usually only need this where auto-escaping was disabled:
<#ftl output_format="HTML" auto_esc=false> <#assign s = "R&D"> ${s} ${s?esc}
R&D R&D
In templates, where auto-escaping is on, using it is redundant:
<#ftl output_format="HTML"> <#assign s = "R&D"> ${s} ${s?esc} <#-- ?esc is redundant here -->
R&D R&D
This built-in works by converting the string value to a markup output value, by escaping the string with the current output format, and using the result as the markup. The resulting markup output value belongs to the current output format at the point of the invocation.
This built-in can also be applied on markup output values, which it will bypass without change, as far as the input markup output value belongs to the current output format. If it doesn‘t, then the markup has to be converted to the current output format, which currently (as of 2.3.24) will be only successful if that value was created by escaping plain text (usually, with ?esc
).
This built-in can‘t be used where the current output format is a non-markup output format. An attempt to do so will cause a parse-time error.
This built-in is not related to the deprecated escape
and noescape
directives. In fact, the parser will prevent using them on the same place, to prevent confusion.
groups
This is used only with the result of the matches
built-in. See there...
html (deprecated)
Note:
This built-in is deprecated by the auto-escaping mechanism introduced in 2.3.24. To prevent double escaping and confusion in general, using this built-in on places where auto-escaping is active is a parse-time error. To help migration, this built-in silently bypasses HTML markup output values without changing them.
The string as HTML markup. That is, the string with all:
<
replaced with<
>
replaced with>
&
replaced with&
"
replaced with"
‘
is replaced with'
if the programmers has set theincompatible_improvements
setting to 2.3.24 or higher (also if it‘s set to 2.3.20 or higher and you are outside a string literal). Otherwise‘
won‘t be replaced, so you must use quotation mark ("
, not‘
) to quote attribute values where you want to insert a value safely.
<input type=text name=user value="${user?html}">
Warning!
When inserting the value of an attribute, always quote it, or else it can be exploited by attackers! This is WRONG: <input name="user" value=${user?xhtml}>
. This is good: <input name="user" value="${user?xhtml}">
.
Note that in HTML pages usually you want to use this built-in for all interpolations. You can spare a lot of typing and lessen the chances of accidental mistakes by using the escape
directive.
index_of
Returns the index within this string of the first occurrence of the specified substring. For example, "abcabc"?index_of("bc")
will return 1 (don‘t forget that the index of the first character is 0). Also, you can specify the index to start the search from: "abcabc"?index_of("bc", 2)
will return 4. There is no restriction on the numerical value of the second parameter: if it is negative, it has the same effect as if it were zero, and if it is greater than the length of this string, it has the same effect as if it were equal to the length of this string. Decimal values will be truncated to integers.
If the 1st parameter does not occur as a substring in this string (starting from the given index, if you use the second parameter), then it returns -1.
j_string
Escapes the string with the escaping rules of Java language string literals, so it‘s safe to insert the value into a string literal. Note that it will not add quotation marks around the inserted value; you meant to use this inside the string literal.
All characters under UCS code point 0x20 will be escaped. When they have no dedicated escape sequence in the Java language (like \n
, \t
, etc.), they will be replaced with a UNICODE escape (\uXXXX
).
Example:
<#assign beanName = ‘The "foo" bean.‘> String BEAN_NAME = "${beanName?j_string}";
will output:
String BEAN_NAME = "The \"foo\" bean.";
js_string
Escapes the string with the escaping rules of JavaScript language string literals, so it‘s safe to insert the value into a string literal. Note that it will not add quotation marks around the inserted value; you meant to use this inside the string literal.
Warning!
When inserting into a JavaScript string literal that‘s inside a HTML attribute, you also must escape the value with HTML escaping. Thus, of you don‘t have automatic HTML escaping, this is WRONG: <p onclick="alert(‘${message?js_string}‘)">
, and this is good: <p onclick="alert(‘${message?js_string?html}‘)">
.
Example:
<#assign user = "Big Joe‘s \"right hand\""> <script> alert("Welcome ${user?js_string}!"); </script>
will output:
<script> alert("Welcome Big Joe\‘s \"right hand\"!"); </script>
The exact escaping rules are:
"
is escaped as\"
‘
is escaped as\‘
\
is escaped as\\
/
is escaped as\/
if the/
is directly after<
in the escaped string, or if it‘s at the beginning of the escaped string>
is escaped as\>
if the>
is directly after]]
or--
in the escaped string, or if it‘s at the beginning of the escaped string, or if there‘s only a]
or-
before it at the beginning of the escaped string<
is escaped as\u003C
if it‘s followed by?
or!
in the escaped string, or if it‘s at the end of the escaped string- Control characters in UCS code point ranges U+0000...U+001f and U+007f...U+009f are escaped as
\r
,\n
, etc., or as\xXX
where there‘s no special escape for them in JavaScript. - Control characters with UCS code point U+2028 (Line separator) and U+2029 (Paragraph separator) are escaped as
\uXXXX
, as they are source code line-breaks in ECMAScript.
json_string
Escapes the string with the escaping rules of JSON language string literals, so it‘s safe to insert the value into a string literal. Note that it will not add quotation marks around the inserted value; you meant to use this inside the string literal.
This will not escape ‘
characters, since JSON strings must be quoted with "
.
The escaping rules are almost identical to those documented for js_string
. The differences are that ‘
is not escaped at all, that > is escaped as \u003E (not as \>), and that \uXXXX
escapes are used instead of \xXX
escapes.
keep_after
Note:
This built-in is available since FreeMarker 2.3.21.
Removes the part of the string that is not after the first occurrence of the given substring. For example:
${"abcdefgh"?keep_after("de")}
will print
fgh
If the parameter string is not found, it will return an empty string. If the parameter string is a 0-length string, it will return the original string unchanged.
This method accepts an optional flags parameter, as its 2nd parameter:
${"foo : bar"?keep_after(r"\s*:\s*", "r")}
will print
bar
keep_after_last
Note:
This built-in is available since FreeMarker 2.3.22.
Same as keep_after
, but keeps the part after the last occurrence of the parameter, rather than after the first. Example:
${"foo.bar.txt"?keep_after_last(".")}
will print
txt
while with keep_after
you would get bar.txt
.
keep_before
Note:
This built-in is available since FreeMarker 2.3.21.
Removes the part of the string that starts with the given substring. For example:
${"abcdef"?keep_before("de")}
will print
abc
If the parameter string is not found, it will return the original string unchanged. If the parameter string is a 0-length string, it will return an empty string.
This method accepts an optional flags parameter, as its 2nd parameter:
${"foo : bar"?keep_before(r"\s*:\s*", "r")}
will print
foo
keep_before_last
Note:
This built-in is available since FreeMarker 2.3.22.
Same as keep_before
, but keeps the part before the last occurrence of the parameter, rather than after the first. Example:
${"foo.bar.txt"?keep_after_last(".")}
will print
foo.bar
while with keep_before
you would get foo
.
last_index_of
Returns the index within this string of the last (rightmost) occurrence of the specified substring. It returns the index of the first (leftmost) character of the substring. For example: "abcabc"?last_index_of("ab")
will return 3. Also, you can specify the index to start the search from. For example, "abcabc"?last_index_of("ab", 2)
will return 0. Note that the second parameter indicates the maximum index of the start of the substring. There is no restriction on the numerical value of the second parameter: if it is negative, it has the same effect as if it were zero, and if it is greater than the length of this string, it has the same effect as if it were equal to the length of this string. Decimal values will be truncated to inegers.
If the 1st parameter does not occur as a substring in this string (before the given index, if you use the second parameter), then it returns -1.
left_pad
Note:
This built-in is available since FreeMarker 2.3.1.
If it‘s used with 1 parameter, then it inserts spaces on the beginning of the string until it reaches the length that is specified as the parameter. If the string is already as long or longer than the specified length, then it does nothing. For example, this:
[${""?left_pad(5)}] [${"a"?left_pad(5)}] [${"ab"?left_pad(5)}] [${"abc"?left_pad(5)}] [${"abcd"?left_pad(5)}] [${"abcde"?left_pad(5)}] [${"abcdef"?left_pad(5)}] [${"abcdefg"?left_pad(5)}] [${"abcdefgh"?left_pad(5)}]
will output this:
[ ] [ a] [ ab] [ abc] [ abcd] [abcde] [abcdef] [abcdefg] [abcdefgh]
If it‘s used with 2 parameters, then the 1st parameter means the same as if you were using the built-in with only 1 parameter, and the second parameter specifies what to insert instead of space characters. For example:
[${""?left_pad(5, "-")}] [${"a"?left_pad(5, "-")}] [${"ab"?left_pad(5, "-")}] [${"abc"?left_pad(5, "-")}] [${"abcd"?left_pad(5, "-")}] [${"abcde"?left_pad(5, "-")}]
will output this:
[-----] [----a] [---ab] [--abc] [-abcd] [abcde]
The 2nd parameter can be a string whose length is greater than 1. Then the string will be inserted periodically, for example:
[${""?left_pad(8, ".oO")}] [${"a"?left_pad(8, ".oO")}] [${"ab"?left_pad(8, ".oO")}] [${"abc"?left_pad(8, ".oO")}] [${"abcd"?left_pad(8, ".oO")}]
will output this:
[.oO.oO.o] [.oO.oO.a] [.oO.oOab] [.oO.oabc] [.oO.abcd]
The 2nd parameter must be a string value, and it must be at least 1 character long.
length
The number of characters in the string.
lower_case
The lower case version of the string. For example "GrEeN MoUsE"?lower_case
will be "green mouse"
.
matches
This is a ``power user‘‘ built-in. Ignore it if you don‘t know regular expressions.
This built-in determines if the string exactly matches the pattern. Also, it returns the list of matching sub-strings. The return value is a multi-type value:
- Boolean:
true
, if it the entire string matches the pattern, otherwisefalse
. For example,"fooo"?matches(‘fo*‘)
istrue
, but"fooo bar"?matches(‘fo*‘)
isfalse
. - Sequence: the list of matched substrings of the string. Possibly a 0 length sequence.
For example:
<#if "fxo"?matches("f.?o")>Matches.<#else>Does not match.</#if> <#assign res = "foo bar fyo"?matches("f.?o")> <#if res>Matches.<#else>Does not match.</#if> Matching sub-strings: <#list res as m> - ${m} </#list>
will print:
Matches. Does not match. Matching sub-strings: - foo - fyo
If the regular expression contains groups (parentheses), then you can access them with the groups
built-in:
<#-- Entire input match --> <#assign res = "John Doe"?matches(r"(\w+) (\w+)")> <#if res> <#-- Must not try to access groups if there was no match! --> First name: ${res?groups[1]} Second name: ${res?groups[2]} </#if> <#-- Subtring matches --> <#assign res = "aa/rx; ab/r;"?matches("(.+?)/*(.+?);")> <#list res as m> - "${m}" is "${m?groups[1]}" per "${m?groups[2]}" </#list>
This will print:
First name: John Second name: Doe - "aa/rx;" is "a" per "a/rx" - " ab/r;" is " " per "ab/r"
Note above that groups
has worked both with substring matches and with the result of entire string matching.
matches
accepts an optional 2nd parameter, the flags. Note that it doesn‘t support flag f
, and ignores the r
flag.
no_esc
Note:
This built-in is available since FreeMarker 2.3.24.
Prevents the auto-escaping of a value. For example:
<#ftl output_format="HTML"> <#assign s = "<b>Test</b>"> ${s} ${s?no_esc}
<b>Test</b> <b>Test</b>
This works by converting the string value to a markup output value, which uses the string as the markup as is, and belongs to the current output format at the point of the invocation.
This built-in can also be applied on markup output values, which it will bypass without change, as far as the input markup output value belongs to current output format. If it doesn‘t, then the markup has to be converted to the current output format, which currently (as of 2.3.24) will be only successful if that value was created by escaping plain text (usually, with ?esc
).
This built-in can‘t be used where the current output format is a non-markup output format. An attempt to do so will cause a parse-time error.
This built-in is not related to the deprecated escape
and noescape
directives. In fact, the parser will prevent using them on the same place, to prevent confusion.
number
The string converted to numerical value. The number must be in "computer language" format. That is, it must be in the locale independent form, where the decimal separator is dot, and there‘s no grouping.
This built-in recognizes numbers in the format that the FreeMarker template language uses. In additionally, it recognizes scientific notation (e.g. "1.23E6"
, "1.5e-8"
). Since FreeMarker 2.3.21, it also recognizes all XML Schema number formats, like NaN
, INF
, -INF
, plus the Java-native formats Infinity
and -Infinity
.
If the string is not in the appropriate format, an error will abort template processing when you try to access this built-in.
In fact, the string is parsed by the toNumber
method of the current arithmetic_engine
, which is configuration setting. However, that method should behave similarly as described above.
replace
It is used to replace all occurrences of a string in the original string with another string. It does not deal with word boundaries. For example:
${"this is a car acarus"?replace("car", "bulldozer")}
will print:
this is a bulldozer abulldozerus
The replacing occurs in left-to-right order. This means that this:
${"aaaaa"?replace("aaa", "X")}
will print:
Xaa
If the 1st parameter is an empty string, then all occurrences of the empty string will be replaced, like "foo"?replace("","|")
will evaluate to "|f|o|o|"
.
replace
accepts an optional flags parameter, as its 3rd parameter.
right_pad
Note:
This built-in is available since FreeMarker 2.3.1. It doesn‘t exist in 2.3.
This is the same as left_pad
, but it inserts the characters at the end of the string instead of the beginning of the string.
Example:
[${""?right_pad(5)}] [${"a"?right_pad(5)}] [${"ab"?right_pad(5)}] [${"abc"?right_pad(5)}] [${"abcd"?right_pad(5)}] [${"abcde"?right_pad(5)}] [${"abcdef"?right_pad(5)}] [${"abcdefg"?right_pad(5)}] [${"abcdefgh"?right_pad(5)}] [${""?right_pad(8, ".oO")}] [${"a"?right_pad(8, ".oO")}] [${"ab"?right_pad(8, ".oO")}] [${"abc"?right_pad(8, ".oO")}] [${"abcd"?right_pad(8, ".oO")}]
This will output this:
[ ] [a ] [ab ] [abc ] [abcd ] [abcde] [abcdef] [abcdefg] [abcdefgh] [.oO.oO.o] [aoO.oO.o] [abO.oO.o] [abc.oO.o] [abcdoO.o]
remove_beginning
Note:
This built-in is available since FreeMarker 2.3.21.
Removes the parameter substring from the beginning of the string, or returns the original string if it doesn‘t start with the parameter substring. For example:
${"abcdef"?remove_beginning("abc")} ${"foobar"?remove_beginning("abc")}
will print:
def foobar
remove_ending
Note:
This built-in is available since FreeMarker 2.3.21.
Removes the parameter substring from the ending of the string, or returns the original string if it doesn‘t end with the parameter substring. For example:
${"abcdef"?remove_ending("def")} ${"foobar"?remove_ending("def")}
will print:
abc foobar
rtf (deprecated)
Note:
This built-in is deprecated by the auto-escaping mechanism introduced in 2.3.24. To prevent double escaping and confusion in general, using this built-in on places where auto-escaping is active is a parse-time error. To help migration, this built-in silently bypasses RTF markup output values without changing them.
The string as Rich text (RTF text). That is, the string with all:
\
replaced with\\
{
replaced with\{
}
replaced with\}
split
It is used to split a string into a sequence of strings along the occurrences of another string. For example:
<#list "someMOOtestMOOtext"?split("MOO") as x> - ${x} </#list>
will print:
- some - test - text
Note that it is assumed that all occurrences of the separator is before a new item (except with "r"
flag - see later), thus:
<#list "some,,test,text,"?split(",") as x> - "${x}" </#list>
will print:
- "some" - "" - "test" - "text" - ""
split
accepts an optional flags parameter, as its 2nd parameter. There‘s a historical glitch with the r
(regular expression) flag; it removes the empty elements from the end of the resulting list, so with ?split(",", "r")
in the last example the last ""
would be missing from the output.
Note:
To check if a strings ends with something and append it otherwise, use the ensure_ends_with
built-in.
starts_with
Returns if this string starts with the specified substring. For example "redirect"?starts_with("red")
returns boolean true
. Also,"red"?starts_with("red")
will return true
.
Note:
To check if a strings starts with something and prepend it otherwise, use theensure_starts_with
built-in.
string (when used with a string value)
Does nothing, just returns the string as-is. The exception is that if the value is a multi-type value (e.g. it is both string and sequence at the same time), then the resulting value will be only a simple string, not a multi-type value. This can be utilized to prevent the artifacts of multi-typing.
substring (deprecated)
Note:
This built-in is deprecated since FreeMarker 2.3.21 by slicing expressions, like str[from..<toExclusive]
, str[from..]
, and str[from..*maxLength]
.
A warning if you are processing XML: Since slicing expressions work both for sequences and strings, and since XML nodes are typically both sequences and strings at the same time, there the equivalent expression is someXmlNode?string[from..<toExclusive]
and exp?string[from..]
, as without ?string
it would slice the node sequence instead of the text value of the node.
Note:
Some of the typical use-cases of string slicing is covered by convenient built-ins: remove_beginning
, remove_ending
, keep_before
, keep_after
, keep_before_last
,keep_after_last
Synopsis: exp?substring(from, toExclusive)
, also callable as exp?substring(from)
A substring of the string. from
is the index of the first character. It must be a number that is at least 0 and less than or equal withtoExclusive
, or else an error will abort the template processing. The toExclusive
is the index of the character position after the last character of the substring, or with other words, it is one greater than the index of the last character. It must be a number that is at least 0 and less than or equal to the length of the string, or else an error will abort the template processing. If the toExclusive
is omitted, then it defaults to the length of the string. If a parameter is a number that is not an integer, only the integer part of the number will be used.
Example:
- ${‘abc‘?substring(0)} - ${‘abc‘?substring(1)} - ${‘abc‘?substring(2)} - ${‘abc‘?substring(3)} - ${‘abc‘?substring(0, 0)} - ${‘abc‘?substring(0, 1)} - ${‘abc‘?substring(0, 2)} - ${‘abc‘?substring(0, 3)} - ${‘abc‘?substring(0, 1)} - ${‘abc‘?substring(1, 2)} - ${‘abc‘?substring(2, 3)}
The output:
- abc - bc - c - - - a - ab - abc - a - b - c
trim
The string without leading and trailing white-space. Example:
(${" green mouse "?trim})
The output:
(green mouse)
uncap_first
The opposite of cap_first
. The string with the very first word of the string un-capitalized.
upper_case
The upper case version of the string. For example "GrEeN MoUsE"
will be "GREEN MOUSE"
.
url
Note:
This built-in is available since FreeMarker 2.3.1. It doesn‘t exist in 2.3.
The string after URL escaping. This means that all non-US-ASCII and reserved URL characters will be escaped with %XX
. For example:
<#assign x = ‘a/b c‘> ${x?url}
The output will be (assuming that the charset used for the escaping is an US-ASCII compatible charset):
a%2Fb%20c
Note that it escapes all reserved URL characters (/
, =
, &
, ...etc), so this encoding can be used for encoding query parameter values, for example:
<a href="foo.cgi?x=${x?url}&y=${y?url}">Click here...</a>
Note:
Above no HTML encoding (?html
) was needed, because URL escaping escapes all reserved HTML characters anyway. But watch: always quote the attribute value, and always with normal quotation mark ("
), never with apostrophe quotation mark (‘
), because apostrophe quotation mark is not escaped by the URL escaping.
To do URL escaping a charset must be chosen that will be used for calculating the escaped parts (%XX
). If you are HTML page author and you don‘t really understand this, don‘t worry: the programmers should configure FreeMarker so that it uses the proper charset by default (programmers: see more below...). If you are a more technical minded user, then you may want to know that the charset used is specified by the url_escaping_charset
setting, that can be set in template execution time (or, preferably, earlier by the programmers). For example:
<#-- This will use the charset specified by the programmers before the template execution has started. --> <a href="foo.cgi?x=${x?url}">foo</a> <#-- Use UTF-8 charset for URL escaping from now: --> <#setting url_escaping_charset="UTF-8"> <#-- This will surely use UTF-8 charset --> <a href="bar.cgi?x=${x?url}">bar</a>
Furthermore, you can explicitly specify a charset for a single URL escaping as the parameter to the built-in:
<a href="foo.cgi?x=${x?url(‘ISO-8895-2‘)}">foo</a>
If the url
built-in has no parameter, then it will use the charset specified as the value of the url_escaping_charset
setting. This setting should be set by the software that encloses FreeMarker (e.g. a Web application framework), because it is not set (null
) by default. If it is not set, then FreeMarker falls back using the value of the output_encoding
setting, which is also not set by default, so it is again the task of the enclosing software. If the output_encoding
setting is not set either, then the parameterless url
built-in can‘t be executed, and it will cause execution time error. Of course, the url
built-in with parameter always works.
It‘s possible to set url_escaping_charset
in the template with the setting
directive, but it is bad practice, at least in true MVC applications. The output_encoding
setting can‘t be set with the setting
directive, so that‘s surely the task of the enclosing software. You may find more information regarding this here...
url_path
Note:
This built-in is available since FreeMarker 2.3.21.
This is the same as the url
built-in, except that it doesn‘t escape slash (/
) characters. This meant to be used for converting paths (like paths coming from the OS or some content repository) that use slash (not backslash!) to a path the can be inserted into an URL. The most common reason why this conversion is needed is that folder names or file names might contain non-US-ASCII letters ("national" characters).
Note:
Just like with the url
built-in, the desired URL escaping charset (or as a fall back, the output encoding) must be set in the FreeMarker configuration settings, or else the built-in will give error. Or, you you have to specify the charset like somePath?url_path(‘utf-8‘)
.
word_list
A sequence that contains all words of the string in the order as they appear in the string. Words are continual character sequences that contain any character but white-space. Example:
<#assign words = " a bcd, . 1-2-3"?word_list> <#list words as word>[${word}]</#list>
will output:
[a][bcd,][.][1-2-3]
xhtml (deprecated)
Note:
This built-in is deprecated by the auto-escaping mechanism introduced in 2.3.24. To prevent double escaping and confusion in general, using this built-in on places where auto-escaping is active is a parse-time error. To help migration, this built-in silently bypasses HTML markup output values without changing them.
The string as XHTML text. That is, the string with all:
<
replaced with<
>
replaced with>
&
replaced with&
"
replaced with"
‘
replaced with'
The only difference between this built-in and the xml
built-in is that the xhtml
built-in escapes ‘
as '
instead of as '
, because some older browsers don‘t know '
.
Warning!
When inserting the value of an attribute, always quote it, or else it can be exploited by attacker! This is WRONG: <input name="user" value=${user?xhtml}/>
. These are good: <input name="user" value="${user?xhtml}"/>
, <input name="user" value=‘${user?xhtml}‘/>
.
xml (deprecated)
Note:
This built-in is deprecated by the auto-escaping mechanism introduced in 2.3.24. To prevent double escaping and confusion in general, using this built-in on places where auto-escaping is active is a parse-time error. To help migration, this built-in silently bypasses XML and HTML markup output values without changing them.
The string as XML text. That is, the string with all:
<
replaced with<
>
replaced with>
&
replaced with&
"
replaced with"
‘
replaced with'
Warning!
When inserting the value of an attribute, always quote it, or else it can be exploited by attackers! This is WRONG: <input name="user" value=${user?xml}/>
. These are good: <input name="user" value="${user?xml}"/>
, <input name="user" value=‘${user?xml}‘/>
.
Common flags
Many string built-ins accept an optional string parameter, the so called ``flags‘‘. In this string, each letter influences a certain aspect of the behavior of the built-in. For example, letter i
means that the built-in should not differentiate the lower and upper-case variation of the same letter. The order of the letters in the flags string is not significant.
This is the complete list of letters (flags):
i
: Case insensitive: do not differentiate the lower and upper-case variation of the same letter.f
: First only. That is, replace/find/etc. only the first occurrence of something.r
: The substring to find is a regular expression. FreeMarker uses the variation of regular expressions described at http://docs.oracle.com/javase/7/docs/api/java/util/regex/Pattern.html (note that the presence of some pattern features depends on the Java version used).m
: Multi-line mode for regular expressions. In multi-line mode the expressions^
and$
match just after or just before, respectively, a line terminator or the end of the string. By default these expressions only match at the beginning and the end of the entire string. Note that^
and$
doesn‘t match the line-break character itself.s
: Enables dot-all mode for regular expressions (same as Perl singe-line mode). In dot-all mode, the expression.
matches any character, including a line terminator. By default this expression does not match line terminators.c
: Permits whitespace and comments in regular expressions.
Example:
<#assign s = ‘foo bAr baar‘> ${s?replace(‘ba‘, ‘XY‘)} i: ${s?replace(‘ba‘, ‘XY‘, ‘i‘)} if: ${s?replace(‘ba‘, ‘XY‘, ‘if‘)} r: ${s?replace(‘ba*‘, ‘XY‘, ‘r‘)} ri: ${s?replace(‘ba*‘, ‘XY‘, ‘ri‘)} rif: ${s?replace(‘ba*‘, ‘XY‘, ‘rif‘)}
This outputs this:
foo bAr XYar i: foo XYr XYar if: foo XYr baar r: foo XYAr XYr ri: foo XYr XYr rif: foo XYr baar
This is the table of built-ins that use these common flags, and which supports which flags:
Built-in | i (ignore case) |
r (reg. exp.) |
m (multi-line mode) |
s (dot-all mode) |
c (whitesp. and comments) |
f (first only) |
---|---|---|---|---|---|---|
replace |
Yes | Yes | Only with r |
Only with r |
Only with r |
Yes |
split |
Yes | Yes | Only with r |
Only with r |
Only with r |
No |
matches |
Yes | Ignored | Yes | Yes | Yes | No |
keep_after |
Yes | Yes | Yes | Yes | Yes | Ignored |
keep_after_last |
Yes | Yes | Yes | Yes | Yes | Ignored |
keep_before |
Yes | Yes | Yes | Yes | Yes | Ignored |
keep_before_last |
Yes | Yes | Yes | Yes | Yes | Ignored |
ensure_starts_with |
Yes | Ignored | Yes | Yes | Yes | Ignored |