You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Konstantin Kolinko <kn...@gmail.com> on 2014/04/28 13:43:57 UTC
Reviewing EL processing fix (BZ 56334)
Hi!
I am reviewing the ELParser fix for
https://issues.apache.org/bugzilla/show_bug.cgi?id=56334
Those are
in 7.0:
http://svn.apache.org/viewvc?view=revision&revision=r1587887
in 6.0:
1). In java/org/apache/jasper/compiler/Validator.java
There was replacement s/ attrs.getValue(i) / attributeValue / in one
of methods. There were two occurrences where that replacement was not
done - in error messages. I went on and fixed that in r1590604 .
I'll backport to Tomcat 7 shortly. A cosmetic issue.
2) The above mentioned replacement is missing from Validator.java in
Tomcat 6 patch.
I suspect that this might be a bug in Tomcat 6.
3) A comment in org.apache.jasper.compiler.TestELParser:
* <li>LiteralExpressions always occur outside of "${...}" and "#{...}". Literal
* expressions escape '$' and '#' with '\\' if '$' or '#' is followed by '{'
* but neither '\\' nor '{' is escaped.</li>
The ["if '$' or '#' is followed by '{'"] part is not needed.
As far as I am reading JSP 2.2 spec, $ and # are escaped by '\'
regardless of whether they are followed by '{'.
The code in ELParser does not check for following '{'.
(No bug here. The implementation is correct. Only the comment is off).
4) Validator$ValidateVisitor$XmlEscapeNonELVisitor.visit(Text)
The code in ELParser.TextBuilder.visit(Text) was updated to apply
"escapeLiteralExpression()", but the same method in
XmlEscapeNonELVisitor has not been updated.
I think it is a bug here.
Best regards,
Konstantin Kolinko
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: Reviewing EL processing fix (BZ 56334)
Posted by Violeta Georgieva <mi...@gmail.com>.
На вторник, 29 април 2014 г. Mark Thomas <ma...@apache.org> написа:
> On 28/04/2014 19:56, Konstantin Kolinko wrote:
>> 2014-04-28 21:37 GMT+04:00 Violeta Georgieva <mi...@gmail.com>:
>>> Hi,
>>>
>>>>
>>>> 4) Validator$ValidateVisitor$XmlEscapeNonELVisitor.visit(Text)
>>>>
>>>> The code in ELParser.TextBuilder.visit(Text) was updated to apply
>>>> "escapeLiteralExpression()", but the same method in
>>>> XmlEscapeNonELVisitor has not been updated.
>>>>
>>>> I think it is a bug here.
>>>
>>> Do you want to wait with 7.0.54?
>>
>> Yes, I think it is a bug.
>
> It also appears to be an issue with multiple parts. I'm 95% sure I have
> found a bug in the EL parser while digging into this. I agree we need a
> little more time to get this right.
>
ok
Violeta
> Mark
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>
>
Re: Reviewing EL processing fix (BZ 56334)
Posted by Mark Thomas <ma...@apache.org>.
On 28/04/2014 19:56, Konstantin Kolinko wrote:
> 2014-04-28 21:37 GMT+04:00 Violeta Georgieva <mi...@gmail.com>:
>> Hi,
>>
>>>
>>> 4) Validator$ValidateVisitor$XmlEscapeNonELVisitor.visit(Text)
>>>
>>> The code in ELParser.TextBuilder.visit(Text) was updated to apply
>>> "escapeLiteralExpression()", but the same method in
>>> XmlEscapeNonELVisitor has not been updated.
>>>
>>> I think it is a bug here.
>>
>> Do you want to wait with 7.0.54?
>
> Yes, I think it is a bug.
It also appears to be an issue with multiple parts. I'm 95% sure I have
found a bug in the EL parser while digging into this. I agree we need a
little more time to get this right.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: Reviewing EL processing fix (BZ 56334)
Posted by Konstantin Kolinko <kn...@gmail.com>.
2014-04-28 21:37 GMT+04:00 Violeta Georgieva <mi...@gmail.com>:
> Hi,
>
>>
>> 4) Validator$ValidateVisitor$XmlEscapeNonELVisitor.visit(Text)
>>
>> The code in ELParser.TextBuilder.visit(Text) was updated to apply
>> "escapeLiteralExpression()", but the same method in
>> XmlEscapeNonELVisitor has not been updated.
>>
>> I think it is a bug here.
>
> Do you want to wait with 7.0.54?
Yes, I think it is a bug.
You are also missing o.a.naming issue.
Best regards,
Konstantin Kolinko
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: Reviewing EL processing fix (BZ 56334)
Posted by Violeta Georgieva <mi...@gmail.com>.
Hi,
2014-04-28 14:43 GMT+03:00 Konstantin Kolinko <kn...@gmail.com>:
>
> Hi!
>
> I am reviewing the ELParser fix for
> https://issues.apache.org/bugzilla/show_bug.cgi?id=56334
>
> Those are
> in 7.0:
> http://svn.apache.org/viewvc?view=revision&revision=r1587887
> in 6.0:
>
> 1). In java/org/apache/jasper/compiler/Validator.java
>
> There was replacement s/ attrs.getValue(i) / attributeValue / in one
> of methods. There were two occurrences where that replacement was not
> done - in error messages. I went on and fixed that in r1590604 .
>
> I'll backport to Tomcat 7 shortly. A cosmetic issue.
>
> 2) The above mentioned replacement is missing from Validator.java in
> Tomcat 6 patch.
>
> I suspect that this might be a bug in Tomcat 6.
>
>
> 3) A comment in org.apache.jasper.compiler.TestELParser:
>
> * <li>LiteralExpressions always occur outside of "${...}" and "#{...}".
Literal
> * expressions escape '#39; and '#' with '\\' if '#39; or '#' is
followed by '{'
> * but neither '\\' nor '{' is escaped.</li>
>
> The ["if '#39; or '#' is followed by '{'"] part is not needed.
>
> As far as I am reading JSP 2.2 spec, $ and # are escaped by '\'
> regardless of whether they are followed by '{'.
>
> The code in ELParser does not check for following '{'.
>
> (No bug here. The implementation is correct. Only the comment is off).
>
> 4) Validator$ValidateVisitor$XmlEscapeNonELVisitor.visit(Text)
>
> The code in ELParser.TextBuilder.visit(Text) was updated to apply
> "escapeLiteralExpression()", but the same method in
> XmlEscapeNonELVisitor has not been updated.
>
> I think it is a bug here.
Do you want to wait with 7.0.54?
Thanks
Violeta
> Best regards,
> Konstantin Kolinko
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>