You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by "Uther, James" <Ja...@F-Secure.com> on 2001/09/26 13:30:21 UTC

%=x% expression syntax bug in XML jsp?

Hi All,

My reading of ParserXJspSaxHandler.java suggests that the shorthand
expression syntax for jsp1.3 xml documents (%=x%) is not handled in
'uninterpreted' tags (ie: tags that are not taglibs or jsp:).

Is this a bug or per spec? My reading of the spec suggests it's a bug, but i
could well be missing something.

The problem can be illustrated as follows:

take this jsp page
---------------
<?xml version="1.0" encoding="ISO-8859-1"?>

<jsp:root version="1.2" xmlns:jsp="http://java.sun.com/JSP/Page">
<jsp:directive.page contentType="test/xml+svg" />
<jsp:scriptlet><![CDATA[
	String t = "test";
	String xpos = "10";
]]></jsp:scriptlet>

	<jsp:text><![CDATA[<?xml version="1.0" encoding="ISO-8859-1" ?>

	]]></jsp:text>
	<svg width="100" height="100" xmlns='http://www.w3.org/2000/svg'>
		<text y="10"
x="%=xpos%"><jsp:expression>t</jsp:expression></text>
	</svg>
</jsp:root>
---------------

My problem is that the 
   x="%=xpos%" 
expression is not expanded (in tomcat 4.0), so the generated SVG document
looks like

<snippet>
  <text y="10" x="%=xpos%">test</text>
</snippet>

cheers,

james

-- 
James Uther                   www.F-Secure.com
Senior Software Engineer  F-Secure Corporation  

        Securing the Mobile Enterprise

Re: %=x% expression syntax bug in XML jsp?

Posted by "Craig R. McClanahan" <cr...@apache.org>.

On Wed, 26 Sep 2001, Uther, James wrote:

> Date: Wed, 26 Sep 2001 14:30:21 +0300
> From: "Uther, James" <Ja...@F-Secure.com>
> Reply-To: tomcat-dev@jakarta.apache.org
> To: tomcat-dev@jakarta.apache.org
> Subject: %=x% expression syntax bug in XML jsp?
>
> Hi All,
>
> My reading of ParserXJspSaxHandler.java suggests that the shorthand
> expression syntax for jsp1.3 xml documents (%=x%) is not handled in
> 'uninterpreted' tags (ie: tags that are not taglibs or jsp:).
>
> Is this a bug or per spec? My reading of the spec suggests it's a bug, but i
> could well be missing something.
>

My understanding (confirmed by talking with the JSP spec lead) is that
this is not a bug, but is operating per design.

If you made parsing "%=x%" work in template text (which is what the JSP
compiler thinks you are processing when you're not inside a custom tag),
then users would have to escape this kind of character string
*everywhere*, not just in what looks like a tag attribute.

Also, there's no requirement that the template text itself look like HTML
or XML (i.e. it doesn't have to have a syntax that looks like elements
with attributes).  So, the JSP compiler cannot attach any semantic
significance to what "looks like" a tag but is not a tag it recognizes
(i.e. a built-in <jsp:xxx> tag or a defined custom tag).

> The problem can be illustrated as follows:
>
> take this jsp page
> ---------------
> <?xml version="1.0" encoding="ISO-8859-1"?>
>
> <jsp:root version="1.2" xmlns:jsp="http://java.sun.com/JSP/Page">
> <jsp:directive.page contentType="test/xml+svg" />
> <jsp:scriptlet><![CDATA[
> 	String t = "test";
> 	String xpos = "10";
> ]]></jsp:scriptlet>
>
> 	<jsp:text><![CDATA[<?xml version="1.0" encoding="ISO-8859-1" ?>
>
> 	]]></jsp:text>
> 	<svg width="100" height="100" xmlns='http://www.w3.org/2000/svg'>
> 		<text y="10"
> x="%=xpos%"><jsp:expression>t</jsp:expression></text>
> 	</svg>
> </jsp:root>
> ---------------
>
> My problem is that the
>    x="%=xpos%"
> expression is not expanded (in tomcat 4.0), so the generated SVG document
> looks like
>
> <snippet>
>   <text y="10" x="%=xpos%">test</text>
> </snippet>
>

That's correct, because <text> is not recognized as a custom tag.
Choices:

* Create a custom tag <foo:text> which just dumps out the
  corresponding <text> tag

* Write the XML syntax in the way that the JSP compiler expects:

    <jsp:text><![CDATA[<text y="10" x="]]>
    <jsp:expression>xpos</jsp:expression>
    <jsp:text><![CDATA[">test</test></jsp:text>

* Use the JSP syntax, where <%= %> expressions *are* recognized
  everywhere.

> cheers,
>
> james
>

Craig McClanahan

> --
> James Uther                   www.F-Secure.com
> Senior Software Engineer  F-Secure Corporation
>
>         Securing the Mobile Enterprise
>