tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: TC 5.5.27 upgrade JSP tag attribute quoting
Date Wed, 15 Oct 2008 13:35:16 GMT
David Wall wrote:
> While it makes sense, I was just checking to see if upgrading from
> Tomcat 5.5.26 to 5.5.27, not thinking such an upgrade would require JSP
> source code changes, will hold true going forward with subsequent Tomcat
> releases.
> 
> We have a few places where JSP tag attribute values have Java code that
> itself contains double quotes, such as:
> 
> <tt:mytag value="<%=("field"+i)%>"/>
> or
> <tt:mytag value="<%=bean.get("name")%>"/>
> 
> In 5.5.26, this compiled okay, but in 5.5.27, it results in an error like:
> 
> org.apache.jasper.JasperException: /app/mypage.jsp(43,21) Attribute
> value ("field"+i) is quoted with " which must be escaped when used
> within the value
>     org.apache.jasper.compiler.DefaultErrorHandler.jspError(DefaultErrorHandler.java:40)
> 
> 
> 
> It does make some sense, yet it worked fine for years.  Is this
> something that will be true going forward with Tomcat releases, or is
> this some sort of "bug" that was introduced in 5.5.27?  It is only
> interesting because even the error message shows it parses the attribute
> value correctly.

Versions prior to 5.5.27 did not enforce the quoting requirements of the
JSP spec. This was fixed in 5.5.27. You can disable this behaviour. See
http://tomcat.apache.org/tomcat-5.5-doc/config/systemprops.html and look
for STRICT_QUOTE_ESCAPING.

Mark


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message