Posted to dev@tomcat.apache.org by bu...@apache.org on 2014/03/17 23:22:36 UTC
[Bug 55198] Quote entity in html element attribute evaluated in tagx if attribute contains EL expression
https://issues.apache.org/bugzilla/show_bug.cgi?id=55198
--- Comment #8 from Konstantin Kolinko <kn...@gmail.com> ---
For reference:
(In reply to Evan Greensmith from comment #0)
>
> If your tagx file contains an html element such as
> <a href="#" onclick="window.alert(&quot;Hello World!&quot;)">foobar</a>
> It renders as
> <a href="#" onclick="window.alert("Hello World!")">foobar</a>
>
Technically, the textual value of the attribute of an xml tag, as returned by
XML parser here is [window.alert("Hello World!")].
The legacy behaviour - in 7.0.42 here is that when printing the tag attributes
the double quotes are replaced (") -> (&quot;). In the tag text no
replacements are performed.
This behaviour is applied to the double quotes only, but not to other special
symbols.
Using the OP's test.war if I replace the first (non-EL) tag in clickme.tag and
clickme.tagx with the following:
<li><a href="#" onclick="window.alert(&quot;&lt;&amp;&gt;'Hello World!&quot;)">Click me to display &quot;&lt;&amp;&gt;'Hello World!&quot;</a></li>
Tomcat 7.0.42 renders it as following:
- for clickme.tag:
<li><a href="#" onclick="window.alert(&quot;&lt;&amp;&gt;'Hello World!&quot;)">Click me to display &quot;&lt;&amp;&gt;'Hello World!&quot;</a></li>
- for clickme.tagx:
<li><a onclick="window.alert(&quot;<&>'Hello World!&quot;)" href="#">Click me to display "<&>'Hello World!"</a></li>
Note that tag file renders as the source is, tagx file renders the texts as
returned by XML parser, only replacing "->&quot; in tag attribute, but nowhere
else.
I am not saying that this is correct. I am just documenting the legacy
behaviour.
In the code, the place responsible for s/"/&quot;/ replacement is
Generator$GenerateVisitor.visit(Node.UninterpretedTag n),
out.print(DOUBLE_QUOTE);
out.print(attrs.getValue(i).replace("\"", "&quot;"));
out.print(DOUBLE_QUOTE);
If attribute value does not contain double quote chars (e.g. xml-escaping has
already been applied to it during previous processing), it will be printed as
is.
For reference,
regressions related to an attempt to fix this issue thus far are:
https://issues.apache.org/bugzilla/show_bug.cgi?id=56265
https://issues.apache.org/bugzilla/show_bug.cgi?id=56029
https://issues.apache.org/bugzilla/show_bug.cgi?id=55735
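To make the two behaviours described in the comment concrete, the following is an added Java illustration and not Tomcat's Generator code; the class name `TagAttributeEscapeDemo` and its method names are invented for this example. `legacyQuoteOnly` models the quote-only replacement of the 7.0.42 generator, `escapeAttribute` is a full HTML attribute encoder, and the two constructed inputs are the value the XML parser returns for the clickme.tagx test above and a value that was already XML-escaped upstream.

```java
/**
 * Added illustration (not Tomcat's code): contrasts the legacy quote-only
 * replacement described in the bug comment with a full HTML attribute encoder,
 * including the already-escaped input that a naive fix would double-encode.
 */
public class TagAttributeEscapeDemo {

    /** Models the legacy 7.0.42 behaviour: only '"' is turned into "&quot;". */
    static String legacyQuoteOnly(String attrValue) {
        return attrValue.replace("\"", "&quot;");
    }

    /** Encodes every character that can terminate or alter an attribute value. */
    static String escapeAttribute(String attrValue) {
        StringBuilder sb = new StringBuilder(attrValue.length() + 16);
        for (int i = 0; i < attrValue.length(); i++) {
            char c = attrValue.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Renders one attribute as name="value", as a tag generator would print it. */
    static String renderAttribute(String name, String value, boolean legacy) {
        String encoded = legacy ? legacyQuoteOnly(value) : escapeAttribute(value);
        return name + "=\"" + encoded + "\"";
    }

    public static void main(String[] args) {
        // Constructed sample: the value the XML parser hands back for the onclick
        // attribute of the clickme.tagx test (entities already decoded).
        String parsed = "window.alert(\"<&>'Hello World!\")";
        // Constructed sample: a value that was already XML-escaped upstream.
        String preEscaped = "window.alert(&quot;Hello&quot;)";

        System.out.println("legacy, parsed value:   " + renderAttribute("onclick", parsed, true));
        System.out.println("full,   parsed value:   " + renderAttribute("onclick", parsed, false));
        System.out.println("legacy, pre-escaped:    " + renderAttribute("onclick", preEscaped, true));
        System.out.println("full,   pre-escaped:    " + renderAttribute("onclick", preEscaped, false));
    }
}
```

Compile and run with `javac TagAttributeEscapeDemo.java && java TagAttributeEscapeDemo`. The legacy path leaves `<`, `&` and `>` unencoded inside the attribute and passes the pre-escaped value through unchanged, exactly as the comment describes for 7.0.42, while the full encoder turns an existing `&quot;` into `&amp;quot;`. That double-encoding of values that were already XML-escaped earlier in the pipeline is the case a fix at this point in the generator has to account for; the sample inputs are constructed for this example.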