tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 45427] Unmatched quotes inside EL break JSP parser
Date Sat, 09 Aug 2008 21:28:19 GMT

ilango <> changed:

           What    |Removed                     |Added
             Status|NEW                         |NEEDINFO

--- Comment #1 from ilango <>  2008-08-09 14:28:17 PST ---
(In reply to comment #0)
Can I test this under Tomcat under Ubuntu Fiesty Fawn?

> Created an attachment (id=22277)
 --> ( [details]
> Simple WAR containing test JSPs for the working and broken expressions. 
> According to my reading of Sun's EL spec for JSP 2.1, any of the following
> expressions should be legal -
>     ${'This string contains unmatched escaped \' single and " double quotes,
> inside single quotes'}
>     ${"This string contains unmatched ' single and escaped \" double quotes,
> inside double quotes"}
>     ${"This string contains an ' unescaped single quote, inside double quotes"}
>     ${'This string contains an " unescaped, unmatched double quote, inside
> single quotes'}
> - but in Tomcat, none of the above expressions compiles, at least not when
> alone. (In some files, the unmatched quote may be matched inside a later EL
> expression. In that case, the JSP will compile, but both expressions, together
> with everything in between them, will be merged into one string literal! This
> is especially insidious.)
> org.apache.jasper.JasperException: /broken1.jsp(2,2) Unterminated ${ tag
> org.apache.jasper.compiler.DefaultErrorHandler.jspError(
> org.apache.jasper.compiler.ErrorDispatcher.dispatch(
> org.apache.jasper.compiler.ErrorDispatcher.jspError(
> org.apache.jasper.compiler.Parser.parseELExpression(
> org.apache.jasper.compiler.Parser.parseElements(
> org.apache.jasper.compiler.Parser.parse(
> org.apache.jasper.compiler.ParserController.doParse(
> org.apache.jasper.compiler.ParserController.parse(
> org.apache.jasper.compiler.Compiler.generateJava(
> org.apache.jasper.compiler.Compiler.compile(
> org.apache.jasper.compiler.Compiler.compile(
> org.apache.jasper.compiler.Compiler.compile(
> org.apache.jasper.JspCompilationContext.compile(
> org.apache.jasper.servlet.JspServletWrapper.service(
> org.apache.jasper.servlet.JspServlet.serviceJspFile(
> org.apache.jasper.servlet.JspServlet.service(
> javax.servlet.http.HttpServlet.service(
> The EL parser implementation seems to think that nested quotes are only escaped
> if they are the same (single/double) as the surrounding quotes, but nested
> quotes don't have to be closed/matched. The JSP implementation, on the other
> hand, seems to think that quotes do have to be matched, unless they are
> escaped. For some strings (above), no combination of escaping will make both
> parsers happy. I'm not sure whether this is a bug in the JSP implementation, or
> perhaps a deficiency in the JSP/EL specs.
> I have collected the above expressions which break the parser
> (broken[1234].jsp), along with some illegal expressions and some working
> expressions (working.jsp) in a small WAR file which is attached to this report.
> I don't believe that the files broken[1234].jsp should be causing exceptions.
> Note: for some reason, single quoted strings are not allowed(!) to contain
> escaped double quotes, and vice versa, so these expressions are illegal, and
> thus it's okay that they don't compile (illegal[12].jsp):
>     ${"This string contains an \' escaped single quote, inside double quotes"}
>     ${'This string contains an \" escaped double quote, inside single quotes'}
> (Note that the text of the EL spec implies that these should be legal, but the
> EL grammar says otherwise. Not a good sign...)

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message