tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ma...@apache.org
Subject svn commit: r657231 - in /tomcat/trunk/java/org/apache/jasper: compiler/Parser.java resources/LocalStrings.properties
Date Fri, 16 May 2008 22:28:09 GMT
Author: markt
Date: Fri May 16 15:28:09 2008
New Revision: 657231

URL: http://svn.apache.org/viewvc?rev=657231&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45015
You can't use an unescaped quote in an attribute value if you have quoted the value using
that quote character

Modified:
    tomcat/trunk/java/org/apache/jasper/compiler/Parser.java
    tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties

Modified: tomcat/trunk/java/org/apache/jasper/compiler/Parser.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/compiler/Parser.java?rev=657231&r1=657230&r2=657231&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/jasper/compiler/Parser.java (original)
+++ tomcat/trunk/java/org/apache/jasper/compiler/Parser.java Fri May 16 15:28:09 2008
@@ -244,7 +244,8 @@
             err.jspError(start, "jsp.error.attribute.unterminated", watch);
         }
 
-        String ret = parseQuoted(reader.getText(start, stop));
+        String ret = parseQuoted(start, reader.getText(start, stop),
+                watch.charAt(watch.length() - 1));
         if (watch.length() == 1) // quote
             return ret;
 
@@ -257,7 +258,8 @@
      * QuotedChar ::= ''' | '"' | '\\' | '\"' | "\'" | '\>' | '\$' |
      * Char
      */
-    private String parseQuoted(String tx) {
+    private String parseQuoted(Mark start, String tx, char quote)
+            throws JasperException {
         StringBuffer buf = new StringBuffer();
         int size = tx.length();
         int i = 0;
@@ -291,6 +293,10 @@
                     buf.append('\\');
                     ++i;
                 }
+            } else if (ch == quote) {
+                // Unescaped quote character
+                err.jspError(start, "jsp.error.attribute.noescape", tx,
+                        "" + quote);
             } else {
                 buf.append(ch);
                 ++i;

Modified: tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties?rev=657231&r1=657230&r2=657231&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties (original)
+++ tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties Fri May 16 15:28:09
2008
@@ -341,6 +341,7 @@
 jsp.error.attribute.noequal=equal symbol expected
 jsp.error.attribute.noquote=quote symbol expected
 jsp.error.attribute.unterminated=attribute for {0} is not properly terminated
+jsp.error.attribute.noescape=Attribute value {0} is quoted with {1} which must be escaped
when used within the value
 jsp.error.missing.tagInfo=TagInfo object for {0} is missing from TLD
 jsp.error.deferredmethodsignaturewithoutdeferredmethod=Cannot specify a method signature
if 'deferredMethod' is not 'true'
 jsp.error.deferredvaluetypewithoutdeferredvalue=Cannot specify a value type if 'deferredValue'
is not 'true'



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message