TC 5.5.27 upgrade JSP tag attribute quoting

[David Wall <d....@computer.org>]

While it makes sense, I was just checking to see if upgrading from 
Tomcat 5.5.26 to 5.5.27, not thinking such an upgrade would require JSP 
source code changes, will hold true going forward with subsequent Tomcat 
releases.

We have a few places where JSP tag attribute values have Java code that 
itself contains double quotes, such as:

<tt:mytag value="<%=("field"+i)%>"/>
or
<tt:mytag value="<%=bean.get("name")%>"/>

In 5.5.26, this compiled okay, but in 5.5.27, it results in an error like:

org.apache.jasper.JasperException: /app/mypage.jsp(43,21) Attribute value ("field"+i) is quoted with " which must be escaped when used within the value
	org.apache.jasper.compiler.DefaultErrorHandler.jspError(DefaultErrorHandler.java:40)


It does make some sense, yet it worked fine for years.  Is this 
something that will be true going forward with Tomcat releases, or is 
this some sort of "bug" that was introduced in 5.5.27?  It is only 
interesting because even the error message shows it parses the attribute 
value correctly.

Thanks,
David


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: TC 5.5.27 upgrade JSP tag attribute quoting

[LS86 <la...@gmail.com>]

In the file Tomcat 5.5\conf\catalina.properties I simply added this line:

org.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false

To get rid of the jasper double quotes error.

Thanks for the link Mark.It was useful.

-LS
-- 
View this message in context: http://www.nabble.com/TC-5.5.27-upgrade-JSP-tag-attribute-quoting-tp19986031p24619281.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: TC 5.5.27 upgrade JSP tag attribute quoting

[Mark Thomas <ma...@apache.org>]

David Wall wrote:
> While it makes sense, I was just checking to see if upgrading from
> Tomcat 5.5.26 to 5.5.27, not thinking such an upgrade would require JSP
> source code changes, will hold true going forward with subsequent Tomcat
> releases.
> 
> We have a few places where JSP tag attribute values have Java code that
> itself contains double quotes, such as:
> 
> <tt:mytag value="<%=("field"+i)%>"/>
> or
> <tt:mytag value="<%=bean.get("name")%>"/>
> 
> In 5.5.26, this compiled okay, but in 5.5.27, it results in an error like:
> 
> org.apache.jasper.JasperException: /app/mypage.jsp(43,21) Attribute
> value ("field"+i) is quoted with " which must be escaped when used
> within the value
>     org.apache.jasper.compiler.DefaultErrorHandler.jspError(DefaultErrorHandler.java:40)
> 
> 
> 
> It does make some sense, yet it worked fine for years.  Is this
> something that will be true going forward with Tomcat releases, or is
> this some sort of "bug" that was introduced in 5.5.27?  It is only
> interesting because even the error message shows it parses the attribute
> value correctly.

Versions prior to 5.5.27 did not enforce the quoting requirements of the
JSP spec. This was fixed in 5.5.27. You can disable this behaviour. See
http://tomcat.apache.org/tomcat-5.5-doc/config/systemprops.html and look
for STRICT_QUOTE_ESCAPING.

Mark


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org