tomcat-dev mailing list archives

From sebb <seb...@gmail.com>
Subject Re: svn commit: r702587 - /tomcat/trunk/java/org/apache/jasper/compiler/Parser.java
Date Tue, 07 Oct 2008 19:18:01 GMT
On 07/10/2008, markt@apache.org <markt@apache.org> wrote:
> Author: markt
>  Date: Tue Oct  7 12:10:51 2008
>  New Revision: 702587
>
>  URL: http://svn.apache.org/viewvc?rev=702587&view=rev
>  Log:
>  EG confirmed that attribute values should be fully escaped, including any EL. Note this does not fix bug 45451.
>
>  Modified:
>     tomcat/trunk/java/org/apache/jasper/compiler/Parser.java
>
>  Modified: tomcat/trunk/java/org/apache/jasper/compiler/Parser.java
>  URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/compiler/Parser.java?rev=702587&r1=702586&r2=702587&view=diff
>  ==============================================================================
>  --- tomcat/trunk/java/org/apache/jasper/compiler/Parser.java (original)
>  +++ tomcat/trunk/java/org/apache/jasper/compiler/Parser.java Tue Oct  7 12:10:51 2008
>  @@ -265,7 +265,6 @@
>      private String parseQuoted(Mark start, String tx, char quote)
>              throws JasperException {
>          StringBuffer buf = new StringBuffer();
>  -        boolean possibleEL = tx.contains("${");
>          int size = tx.length();
>          int i = 0;
>          while (i < size) {
>  @@ -287,20 +286,10 @@
>                  }
>              } else if (ch == '\\' && i + 1 < size) {
>                  ch = tx.charAt(i + 1);
>  -                if (ch == '\\' || ch == '\"' || ch == '\'') {
>  -                    if (pageInfo.isELIgnored() || !possibleEL) {
>  -                        // EL is not enabled or no chance of EL
>  -                        // Unescape these now
>  -                        buf.append(ch);
>  -                        i += 2;
>  -                    } else {
>  -                        // EL is enabled and ${ appears in value
>  -                        // EL processing will escape these
>  -                        buf.append('\\');
>  -                        buf.append(ch);
>  -                        i += 2;
>  -                    }
>  -                } else if (ch == '>') {
>  +                if (ch == '\\' || ch == '\"' || ch == '\'' || (ch == '>')) {
>  +                    // \ " and ' are always unescaped regardless of if they are
>  +                    // or outside of an EL expression. JSP.1.6 takes precedence
>  +                    // over JSP.1.3.10 (confirmed with EG)

The sentence:

\ " and ' are always unescaped regardless of if they are or outside of
an EL expression.

seems a bit odd to me - at least one word is missing.

Might be better as:

" and ' are always unescaped regardless of whether they are inside or
outside an EL expression.

>                      buf.append(ch);
>                      i += 2;
>                  } else {
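
Review bot: The comment added above the merged condition names only \ " and ' while the condition itself, `if (ch == '\\' || ch == '\"' || ch == '\'' || (ch == '>')) {`, also sends `\>` down this branch, so the comment should mention `>` as well, in addition to the missing word "inside" pointed out above. The parentheses around `(ch == '>')` are redundant next to the other three comparisons. The removed `else` branch kept the backslash (`buf.append('\\');` followed by `buf.append(ch);`) when EL was enabled and `${` appeared in the value, so this hunk changes the string handed to EL processing for values that contain an escaped quote or backslash. A parser test covering `\\`, `\"` and `\'` both inside and outside a `${...}` expression, with `pageInfo.isELIgnored()` true and false, would pin down the behaviour the comment attributes to JSP.1.6.
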
>
>
>
>  ---------------------------------------------------------------------
>  To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
>  For additional commands, e-mail: dev-help@tomcat.apache.org
>
>
