tomcat-users mailing list archives

From Konstantin Kolinko <knst.koli...@gmail.com>
Subject Re: double xmlEscape in dynamic attributes in 7.0.52
Date Fri, 14 Mar 2014 16:31:16 GMT

2014-03-14 18:35 GMT+04:00 Mark Thomas <markt@apache.org>:
> On 14/03/2014 11:57, Konstantin Kolinko wrote:
>> 2014-03-14 15:37 GMT+04:00 Zboron Lukas <lzboron@gratex.com>:
>>> Hi,
>>> I have several custom jspx tags with dynamic attributes that worked well up
>>> to Tomcat 7.0.47, but they do not work properly on Tomcat 7.0.52. The same
>>> problems also occur when using Spring form tags (I suspect that other
>>> libraries would have the same problem, but I didn't test them).
>>>
>>> sample (data-test[2] is a dynamic attribute, onclick is static):
>>> <c:set var="world" value="'World'"></c:set>
>>> <sf:form onclick="window.alert('Hello ${world}!')"
>>>         data-test="window.alert('Hello ${world}!')"
>>>         data-test2="window.alert('Hello World!')"
>>> tomcat 7.0.47 output:
>>> <form onclick="window.alert(&#39;Hello &#39;World&#39;!&#39;)"
>>>         data-test="window.alert(&#39;Hello &#39;World&#39;!&#39;)"
>>>         data-test2="window.alert(&#39;Hello World!&#39;)"
>>> tomcat 7.0.52 output:
>>> <form onclick="window.alert(&#39;Hello &#39;World&#39;!&#39;)"
>>>         data-test="window.alert(&amp;#039;Hello &#39;World&#39;!&amp;#039;)"
>>>         data-test2="window.alert(&#39;Hello World!&#39;)"
>>>
>>> If EL is used in a dynamic attribute (data-test), the non-EL part of that
>>> attribute is escaped twice, and the EL part is escaped only once. Tomcat 7.0.47
>>> would escape everything just once.
>>> Everything works as before if a static attribute is used (onclick) or there is
>>> no EL in the dynamic attribute (data-test2).
>>>
>>> I strongly suspect that this is caused by this fix:
>>> https://issues.apache.org/bugzilla/show_bug.cgi?id=55735, but I don't
>>> understand why using EL should cause double escaping of the rest of the
>>> attribute value. Is it a bug?
>>>
>>
>> It looks like a bug.
>>
>> Please file an issue in Bugzilla.
>> It would be nice if you can attach a simple reproducing web application to it.
>
> It would also help if we could see the source for sf:form or a
> simplified version of it that demonstrates the problem.
>

Apparently this is about the <form:form> tag from the Spring Framework "form" tags.

Those are in spring-webmvc-4.0.2.RELEASE.jar

META-INF/spring-form.tld defines the tag as

[[[
<?xml version="1.0" encoding="UTF-8"?>
<taglib xmlns="http://java.sun.com/xml/ns/j2ee"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd"
        version="2.0">

    <description>Spring Framework JSP Form Tag Library</description>
    <tlib-version>4.0</tlib-version>
    <short-name>form</short-name>
    <uri>http://www.springframework.org/tags/form</uri>

    <tag>
        <description>Renders an HTML 'form' tag and exposes a binding
path to inner tags for binding.</description>
        <name>form</name>
        <tag-class>org.springframework.web.servlet.tags.form.FormTag</tag-class>
        <body-content>JSP</body-content>
        <attribute>
            <description>HTML Standard Attribute</description>
            <name>id</name>
            <required>false</required>
            <rtexprvalue>true</rtexprvalue>
        </attribute>
(..skipping a lot of attributes)
        <dynamic-attributes>true</dynamic-attributes>
    </tag>
]]]

and with <dynamic-attributes> it allows passing any random
user-created attribute there.

Printing those dynamic attributes looks like the following:
in \org\springframework\web\servlet\tags\form\AbstractHtmlElementTag.java

        if (!CollectionUtils.isEmpty(this.dynamicAttributes)) {
            for (String attr : this.dynamicAttributes.keySet()) {
                tagWriter.writeOptionalAttributeValue(attr,
                        getDisplayString(this.dynamicAttributes.get(attr)));
            }
        }

Links:
https://github.com/spring-projects/spring-framework
https://repo.spring.io/libs-release-local/org/springframework/spring/4.0.2.RELEASE/

https://github.com/spring-projects/spring-framework/blob/master/spring-webmvc/src/main/java/org/springframework/web/servlet/tags/form/AbstractHtmlElementTag.java

Best regards,
Konstantin Kolinko
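
A regression check for the symptom reported in this thread, as an added example that is not part of the original message or of Tomcat or Spring: it scans rendered markup for attribute values containing an entity whose ampersand was itself escaped (such as &amp;#039;), using the two outputs quoted above as input. The class and method names are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added example (hypothetical names): flags attributes whose rendered value looks escaped twice. */
public class DoubleEscapeCheck {

    // name="value" pairs in rendered markup (double-quoted values, as in the outputs in the thread)
    private static final Pattern ATTR =
            Pattern.compile("([\\w:-]+)\\s*=\\s*\"([^\"]*)\"");

    // An escaped ampersand followed by the rest of an entity: &amp;#039; &amp;#x27; &amp;lt; ...
    private static final Pattern DOUBLE_ESCAPED =
            Pattern.compile("&amp;(#\\d+|#[xX][0-9a-fA-F]+|[A-Za-z][A-Za-z0-9]*);");

    /** Returns the names of attributes whose value contains a doubly escaped entity. */
    static List<String> doubleEscapedAttributes(String renderedTag) {
        List<String> hits = new ArrayList<>();
        Matcher attr = ATTR.matcher(renderedTag);
        while (attr.find()) {
            if (DOUBLE_ESCAPED.matcher(attr.group(2)).find()) {
                hits.add(attr.group(1));
            }
        }
        return hits;
    }

    public static void main(String[] args) {
        // The two rendered outputs quoted in the report, joined onto one line each
        String tomcat7047 = "<form onclick=\"window.alert(&#39;Hello &#39;World&#39;!&#39;)\""
                + " data-test=\"window.alert(&#39;Hello &#39;World&#39;!&#39;)\""
                + " data-test2=\"window.alert(&#39;Hello World!&#39;)\"";
        String tomcat7052 = "<form onclick=\"window.alert(&#39;Hello &#39;World&#39;!&#39;)\""
                + " data-test=\"window.alert(&amp;#039;Hello &#39;World&#39;!&amp;#039;)\""
                + " data-test2=\"window.alert(&#39;Hello World!&#39;)\"";

        System.out.println("7.0.47: " + doubleEscapedAttributes(tomcat7047));
        System.out.println("7.0.52: " + doubleEscapedAttributes(tomcat7052));
    }
}
```

A value that intentionally displays entity text (for example a literal &amp;lt; in documentation output) also matches, so treat hits as candidates to review rather than proof of a bug.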
