You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2008/07/18 08:44:40 UTC

DO NOT REPLY [Bug 45427] New: Unmatched quotes inside EL break JSP parser

https://issues.apache.org/bugzilla/show_bug.cgi?id=45427

           Summary: Unmatched quotes inside EL break JSP parser
           Product: Tomcat 6
           Version: 6.0.16
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Jasper
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: sflaniga@redhat.com


Created an attachment (id=22277)
 --> (https://issues.apache.org/bugzilla/attachment.cgi?id=22277)
Simple WAR containing test JSPs for the working and broken expressions. 

According to my reading of Sun's EL spec for JSP 2.1, any of the following
expressions should be legal -
    ${'This string contains unmatched escaped \' single and " double quotes,
inside single quotes'}
    ${"This string contains unmatched ' single and escaped \" double quotes,
inside double quotes"}
    ${"This string contains an ' unescaped single quote, inside double quotes"}
    ${'This string contains an " unescaped, unmatched double quote, inside
single quotes'}

- but in Tomcat, none of the above expressions compiles, at least not when
alone. (In some files, the unmatched quote may be matched inside a later EL
expression. In that case, the JSP will compile, but both expressions, together
with everything in between them, will be merged into one string literal! This
is especially insidious.)

org.apache.jasper.JasperException: /broken1.jsp(2,2) Unterminated ${ tag
org.apache.jasper.compiler.DefaultErrorHandler.jspError(DefaultErrorHandler.java:40)
org.apache.jasper.compiler.ErrorDispatcher.dispatch(ErrorDispatcher.java:407)
org.apache.jasper.compiler.ErrorDispatcher.jspError(ErrorDispatcher.java:132)
org.apache.jasper.compiler.Parser.parseELExpression(Parser.java:763)
org.apache.jasper.compiler.Parser.parseElements(Parser.java:1451)
org.apache.jasper.compiler.Parser.parse(Parser.java:133)
org.apache.jasper.compiler.ParserController.doParse(ParserController.java:216)
org.apache.jasper.compiler.ParserController.parse(ParserController.java:103)
org.apache.jasper.compiler.Compiler.generateJava(Compiler.java:153)
org.apache.jasper.compiler.Compiler.compile(Compiler.java:314)
org.apache.jasper.compiler.Compiler.compile(Compiler.java:294)
org.apache.jasper.compiler.Compiler.compile(Compiler.java:281)
org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:566)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:317)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:337)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:266)
javax.servlet.http.HttpServlet.service(HttpServlet.java:803)


The EL parser implementation seems to think that nested quotes are only escaped
if they are the same (single/double) as the surrounding quotes, but nested
quotes don't have to be closed/matched. The JSP implementation, on the other
hand, seems to think that quotes do have to be matched, unless they are
escaped. For some strings (above), no combination of escaping will make both
parsers happy. I'm not sure whether this is a bug in the JSP implementation, or
perhaps a deficiency in the JSP/EL specs.

I have collected the above expressions which break the parser
(broken[1234].jsp), along with some illegal expressions and some working
expressions (working.jsp) in a small WAR file which is attached to this report.
I don't believe that the files broken[1234].jsp should be causing exceptions.

Note: for some reason, single quoted strings are not allowed(!) to contain
escaped double quotes, and vice versa, so these expressions are illegal, and
thus it's okay that they don't compile (illegal[12].jsp):
    ${"This string contains an \' escaped single quote, inside double quotes"}
    ${'This string contains an \" escaped double quote, inside single quotes'}
(Note that the text of the EL spec implies that these should be legal, but the
EL grammar says otherwise. Not a good sign...)


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

DO NOT REPLY [Bug 45427] Unmatched quotes inside EL break JSP parser

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=45427





--- Comment #3 from Mark Thomas <ma...@apache.org>  2008-09-17 05:48:08 PST ---
This has been fixed in trunk and proposed for 6.0.x. Thanks for the report.


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

DO NOT REPLY [Bug 45427] Unmatched quotes inside EL break JSP parser

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=45427


Sean Flanigan <sf...@redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ilangocal@yahoo.com
             Status|NEEDINFO                    |ASSIGNED




--- Comment #2 from Sean Flanigan <sf...@redhat.com>  2008-08-10 16:23:59 PST ---
Yes, I think the bug should manifest itself on any platform, as long as you're
running Tomcat 6.


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

DO NOT REPLY [Bug 45427] Unmatched quotes inside EL break JSP parser

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=45427


Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|                            |FIXED




--- Comment #4 from Mark Thomas <ma...@apache.org>  2008-09-25 03:58:26 PST ---
This has been fixed in 6.0.x and will be included in 6.0.19 onwards.


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

DO NOT REPLY [Bug 45427] Unmatched quotes inside EL break JSP parser

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=45427


ilango <il...@yahoo.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |NEEDINFO




--- Comment #1 from ilango <il...@yahoo.com>  2008-08-09 14:28:17 PST ---
(In reply to comment #0)
Can I test this under Tomcat under Ubuntu Fiesty Fawn?

thanks
ilango 
> Created an attachment (id=22277)
 --> (https://issues.apache.org/bugzilla/attachment.cgi?id=22277) [details]
> Simple WAR containing test JSPs for the working and broken expressions. 
> 
> According to my reading of Sun's EL spec for JSP 2.1, any of the following
> expressions should be legal -
>     ${'This string contains unmatched escaped \' single and " double quotes,
> inside single quotes'}
>     ${"This string contains unmatched ' single and escaped \" double quotes,
> inside double quotes"}
>     ${"This string contains an ' unescaped single quote, inside double quotes"}
>     ${'This string contains an " unescaped, unmatched double quote, inside
> single quotes'}
> 
> - but in Tomcat, none of the above expressions compiles, at least not when
> alone. (In some files, the unmatched quote may be matched inside a later EL
> expression. In that case, the JSP will compile, but both expressions, together
> with everything in between them, will be merged into one string literal! This
> is especially insidious.)
> 
> org.apache.jasper.JasperException: /broken1.jsp(2,2) Unterminated ${ tag
> org.apache.jasper.compiler.DefaultErrorHandler.jspError(DefaultErrorHandler.java:40)
> org.apache.jasper.compiler.ErrorDispatcher.dispatch(ErrorDispatcher.java:407)
> org.apache.jasper.compiler.ErrorDispatcher.jspError(ErrorDispatcher.java:132)
> org.apache.jasper.compiler.Parser.parseELExpression(Parser.java:763)
> org.apache.jasper.compiler.Parser.parseElements(Parser.java:1451)
> org.apache.jasper.compiler.Parser.parse(Parser.java:133)
> org.apache.jasper.compiler.ParserController.doParse(ParserController.java:216)
> org.apache.jasper.compiler.ParserController.parse(ParserController.java:103)
> org.apache.jasper.compiler.Compiler.generateJava(Compiler.java:153)
> org.apache.jasper.compiler.Compiler.compile(Compiler.java:314)
> org.apache.jasper.compiler.Compiler.compile(Compiler.java:294)
> org.apache.jasper.compiler.Compiler.compile(Compiler.java:281)
> org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:566)
> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:317)
> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:337)
> org.apache.jasper.servlet.JspServlet.service(JspServlet.java:266)
> javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> 
> 
> The EL parser implementation seems to think that nested quotes are only escaped
> if they are the same (single/double) as the surrounding quotes, but nested
> quotes don't have to be closed/matched. The JSP implementation, on the other
> hand, seems to think that quotes do have to be matched, unless they are
> escaped. For some strings (above), no combination of escaping will make both
> parsers happy. I'm not sure whether this is a bug in the JSP implementation, or
> perhaps a deficiency in the JSP/EL specs.
> 
> I have collected the above expressions which break the parser
> (broken[1234].jsp), along with some illegal expressions and some working
> expressions (working.jsp) in a small WAR file which is attached to this report.
> I don't believe that the files broken[1234].jsp should be causing exceptions.
> 
> Note: for some reason, single quoted strings are not allowed(!) to contain
> escaped double quotes, and vice versa, so these expressions are illegal, and
> thus it's okay that they don't compile (illegal[12].jsp):
>     ${"This string contains an \' escaped single quote, inside double quotes"}
>     ${'This string contains an \" escaped double quote, inside single quotes'}
> (Note that the text of the EL spec implies that these should be legal, but the
> EL grammar says otherwise. Not a good sign...)
> 


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org