Posted to dev@tomcat.apache.org by bu...@apache.org on 2013/11/02 07:14:56 UTC
[Bug 55735] New: Additional quote entity in html element attribute
evaluated in tagx if attribute contains EL expression
https://issues.apache.org/bugzilla/show_bug.cgi?id=55735
Bug ID: 55735
Summary: Additional quote entity in html element attribute
evaluated in tagx if attribute contains EL expression
Product: Tomcat 7
Version: 7.0.47
Hardware: All
OS: All
Status: NEW
Severity: critical
Priority: P2
Component: Jasper
Assignee: dev@tomcat.apache.org
Reporter: azuo.lee@sohu.com
Well, after fix for Bug 55198, if a tag file contains
<a href="#" onclick="window.alert("${text}")">foobar</a>
It can now be correctly rendered as (if text='foobar')
<a href="#" onclick="window.alert("foobar")">foobar</a>
But it is rendered completely wrongly as ***** IF text='&foobar' *****
<a href="#" onclick="window.alert("&amp;foobar")">foobar</a>
The EL expression ${text} should be rendered without any escape, but now it is
escaped just as other literal part in the attribute.
Generally, a tagx file's compiler must not make any assumption about whether its
output is well-formed XML or not; it should just keep the literal attribute or text
as is, and output any EL expression directly. It's the tagx file author's
responsibility to determine whether a text variable should be escaped, e.g.:
<a href="#" onclick="window.alert("${fn:escape(text)}")">foobar</a>
Suppose we have:
request.setAttribute("text", "2 > 1");
And in a tagx file:
<div title=""${text}"">"${text}"</div>
The correct output could be:
<div title=""2 > 1"">"2 > 1"</div>
But neither
<div title=""2 &gt; 1"">"2 > 1"</div>
nor
<div title=""2 > 1"">"2 > 1"</div>
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 55735] Additional quote entity in html element attribute
evaluated in tagx if attribute contains EL expression
--- Comment #1 from azuo.lee@sohu.com ---
Um... it seems the JSP spec doesn't clarify the behavior at all...
But XSLT does. If we "borrow" rules from XSLT, then some correct examples could
be (text="2 > 1"):
tagx/jspx: <div title=""${text}"">ABCD</div>
output: <div title=""2 &gt; 1"">ABCD</div>
tagx/jspx: <div>"<c:out value="&nbsp;${text}"" escapeXml="false"></div>
output: <div>" 2 > 1"</div>
But XSLT doesn't allow expressions in template text; thus, what can be the
correct result generated by the following example?
tagx/jspx: <div>"${text}"</div>
Should it be
output: <div>"2 &gt; 1"</div>
or
output: <div>"2 > 1"</div>
or
output: <div>"2 > 1"</div>
or
output: <div>"2 &gt; 1"</div>
????????
[Bug 55735] Additional quote entity in html element attribute
evaluated in tagx if attribute contains EL expression
--- Comment #2 from azuo.lee@sohu.com ---
Conclusion:
1. If you use jspx or tagx, then never use any EL expressions within attribute
values, and always use the JSTL <out> tag to output expression values within
template content -- unless you know the expression value must not contain any
XML reserved characters;
2. Do not use jspx or tagx at all; use jsp and tag files instead, whose
behaviors are relatively determined.
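As an added illustration, serving both the onclick example in the original report and the "always use <c:out>" conclusion in comment #2 (this is not code from the report, from Jasper or from JSTL): a small Java program that substitutes the report's sample values, plus one constructed value carrying a double quote, into the attribute source onclick="window.alert(&quot;${text}&quot;)" under three strategies: raw EL, JSTL-style escapeXml (the <c:out> default), and a hypothetical JavaScript-string escaper. It then applies a reduced version of the browser's attribute-value decoding to show what the JavaScript engine actually receives. The class name ElEscapingDemo and the helpers escapeJsString, decodeAttribute, attributeIntact and jsLiteralIntact are assumptions made for the demo. The caveat it makes visible for a practitioner following the advice in comment #2: escapeXml keeps the value inside the HTML attribute, but because the browser decodes &#034; back to " before running the handler, it does not keep the value inside the JavaScript string literal; an event-handler attribute needs JavaScript-string escaping as well as (or instead of) XML escaping.

```java
// Added illustration for bug 55735. This is NOT Jasper's code: it only simulates
// substituting an EL value into an XML-syntax (tagx/jspx) attribute under three
// escaping strategies, then shows what a browser hands to the JavaScript engine.
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.function.UnaryOperator;

public class ElEscapingDemo {

    // Escapes the same five characters, with the same replacements, as JSTL's
    // fn:escapeXml and <c:out escapeXml="true">.
    static String escapeXml(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '&':  sb.append("&amp;");  break;
                case '\'': sb.append("&#039;"); break;
                case '"':  sb.append("&#034;"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Escape for a JavaScript string literal that lives inside an HTML event
    // attribute: backslash-escape the JS delimiters and hex-escape the HTML
    // metacharacters, so the value survives both the attribute decode and the
    // JS parse. Hypothetical helper; JSTL ships no equivalent function.
    static String escapeJsString(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\\\");  break;
                case '"':  sb.append("\\x22"); break;
                case '\'': sb.append("\\x27"); break;
                case '<':  sb.append("\\x3c"); break;
                case '>':  sb.append("\\x3e"); break;
                case '&':  sb.append("\\x26"); break;
                case '\n': sb.append("\\n");   break;
                case '\r': sb.append("\\r");   break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Browser-side attribute-value decoding, reduced to the entities this demo
    // can emit. &amp; is decoded last so a produced '&' is not re-read as the
    // start of another character reference.
    static String decodeAttribute(String s) {
        return s.replace("&lt;", "<").replace("&gt;", ">")
                .replace("&quot;", "\"").replace("&#034;", "\"")
                .replace("&#039;", "'").replace("&amp;", "&");
    }

    // The report's attribute as it must be written in XML syntax: the &quot;
    // are template literals, ${text} is the EL placeholder.
    static final String ONCLICK_SRC = "window.alert(&quot;${text}&quot;)";

    static String render(String attrSrc, String value, UnaryOperator<String> escape) {
        return attrSrc.replace("${text}", escape.apply(value));
    }

    // A raw '"' in the emitted attribute text ends the HTML attribute itself,
    // before any JavaScript runs.
    static boolean attributeIntact(String emitted) {
        return emitted.indexOf('"') < 0;
    }

    // After attribute decoding, does window.alert("...") still hold a single
    // string literal, i.e. no unescaped '"' inside it?
    static boolean jsLiteralIntact(String decoded) {
        String prefix = "window.alert(\"", suffix = "\")";
        if (!decoded.startsWith(prefix) || !decoded.endsWith(suffix)) return false;
        String inner = decoded.substring(prefix.length(), decoded.length() - suffix.length());
        for (int i = 0; i < inner.length(); i++) {
            if (inner.charAt(i) == '"' && (i == 0 || inner.charAt(i - 1) != '\\')) return false;
        }
        return true;
    }

    public static void main(String[] args) {
        Map<String, UnaryOperator<String>> strategies = new LinkedHashMap<>();
        strategies.put("raw ${text}", v -> v);
        strategies.put("fn:escapeXml(text)", ElEscapingDemo::escapeXml);
        strategies.put("js-string escape", ElEscapingDemo::escapeJsString);

        // The first three values are the report's; the last is constructed to carry a quote.
        String[] values = { "foobar", "&foobar", "2 > 1", "say \"hi\"" };
        for (String v : values) {
            System.out.println("text = " + v);
            for (Map.Entry<String, UnaryOperator<String>> e : strategies.entrySet()) {
                String emitted = render(ONCLICK_SRC, v, e.getValue());
                String decoded = decodeAttribute(emitted);
                System.out.printf("  %-20s emitted onclick=\"%s\"%n", e.getKey(), emitted);
                System.out.printf("  %-20s JS sees %s  [attr ok=%b, js ok=%b]%n",
                        "", decoded, attributeIntact(emitted), jsLiteralIntact(decoded));
            }
        }
    }
}
```

Compile and run with javac/java (Java 8 or later). For "&foobar" and "2 > 1" the raw and escapeXml rows differ only in the emitted markup; the decoded value the browser passes to the script is identical. For the constructed value with a quote, only the JavaScript-string row reports both attr ok and js ok.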
[Bug 55735] Additional quote entity in html element attribute
evaluated in tagx if attribute contains EL expression
Mark Thomas <ma...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #4 from Mark Thomas <ma...@apache.org> ---
I've updated the back-port proposal for 55198 to include the fix for this
regression so there is no need to keep this bug open.
[Bug 55735] Additional quote entity in html element attribute
evaluated in tagx if attribute contains EL expression
Mark Thomas <ma...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Component|Jasper |Jasper
Version|7.0.47 |unspecified
Product|Tomcat 7 |Tomcat 6
Target Milestone|--- |default
Severity|critical |normal
--- Comment #3 from Mark Thomas <ma...@apache.org> ---
Thanks for the report. This was a regression in the fix for bug55198.
This has been fixed in trunk for 8.0.0-RC6 onwards.
This has been fixed in 7.0.x for 7.0.48 onwards.