You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Jona Sahnwaldt <jo...@gmx.de> on 2001/05/08 14:00:38 UTC

Re: JSP quoting and escape conventions

<% out.println("testing %\>"); %>
doesn't work...

I think this is a bug in Tomcat. -> Use The Source, Luke!
The following code is from Tomcat 3.2. Seems to be from late Nov/early Dec 2000.

>From org.apache.jasper.compiler.JspUtil.java:

    public static char[] removeQuotes(char []chars) {
	CharArrayWriter caw = new CharArrayWriter();
	for (int i = 0; i < chars.length; i++) {
/**/	    if (chars[i] == '%' && chars[i+1] == '\\' &&
/**/		chars[i+2] == '\\' && chars[i+3] == '>') {
		caw.write('%');
		caw.write('>');
		i = i + 3;
	    }
	    else caw.write(chars[i]);
	}
	return caw.toCharArray();
    }

The two lines marked with /**/ mean that writing

<% out.println("testing %\\>"); %>

works and prints:

testing %>

This differs from the spec.

(Besides, trying to parse
<% // this will fail: %\\%>
will throw an ArrayIndexOutOfBoundsException.)

Cheers,
Jona.

--------------------------------------------------------------------------------
-
>From http://www2.real-time.com/pipermail/tomcat-users/2001-February/023848.html
:
--------------------------------------------------------------------------------
-

Craig, I know you're the man, but it seems that the JSP Spec 1.1 says that
the JSP compiler should translate a %\> into %> and keep going looking for a
%> just to that his example would work.

"Section 2.4 Quoting and Escape Conventions" seems to me to say that in the
example he lists (here it is again :)
<% String foo = "testing %\>"; %>

should be allowable and that the JSP compiler should generate a line like :
String foo = "testing %>";

While I agree that
String foo = "testing %\>";
is invalid java code, it is the JSP compilers responsibility to convert the
JSP escape sequence.

Thanks,
Paul


-----Original Message-----
From: Craig R. McClanahan [mailto:Craig.McClanahan@eng.sun.com]
Sent: Wednesday, February 21, 2001 3:26 PM
To: tomcat-user@jakarta.apache.org
Subject: Re: JSP quoting and escape conventions


William Au wrote:

> Yes, I see what you mean.  I guess it is a matter of what happen first.
> If the escape happens first, then the JSP
>
> <% String foo = "testing %\>"; %>
>
> would be translate to the following java code
>
> String foo = "testing %>";
>
> Then it would be valid java code.
>
> However, it seems to me in Tomcat, the translation happens first so the
> following
> invalid java code is generated:
>
> String foo = "testing %\>";
>

What is happening first is what *has* to happen first -- the JSP parser
sees the
"%\>" but recognizes (correctly) that this is not the end of the
scriptlet.  This
is exactly in accordance to the spec.

Therefore, all of the text between the "<%" and the "%>" is passed
through to the
language compiler for the scripting language (Java in this case),
uninterpreted
by the JSP page compiler.  The uninterpreted code is not valid Java
syntax, and
therefore violates the JSP specification -- just the same as if you
forgot a
quote around the string literal, or omitted a required semicolon, or
made some
other error in Java syntax.

>
> Bill

Craig

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, email: tomcat-user-help@jakarta.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, email: tomcat-user-help@jakarta.apache.org