tomcat-users mailing list archives

From Konstantin Kolinko <>
Subject Re: double xmlEscape in dynamic attributes in 7.0.52
Date Fri, 14 Mar 2014 16:31:16 GMT
2014-03-14 18:35 GMT+04:00 Mark Thomas <>:
> On 14/03/2014 11:57, Konstantin Kolinko wrote:
>> 2014-03-14 15:37 GMT+04:00 Zboron Lukas <>:
>>> Hi,
>>> I have several custom jspx tags with dynamic attributes that worked well up
>>> to Tomcat 7.0.47, but they do not work properly on Tomcat 7.0.52. Same
>>> problems occur also when using Spring form tags (I suspect that other
>>> libraries would have same problem, but I didn't test them).
>>> sample (data-test[2] is dynamic attribute, onclick is static):
>>> <c:set var="world" value="'World'"></c:set>
>>> <sf:form onclick="window.alert('Hello ${world}!')"
>>>         data-test="window.alert('Hello ${world}!')"
>>>         data-test2="window.alert('Hello World!')"
>>> tomcat 7.0.47 output:
>>> <form onclick="window.alert(&#39;Hello &#39;World&#39;!&#39;)"
>>>         data-test="window.alert(&#39;Hello &#39;World&#39;!&#39;)"
>>>         data-test2="window.alert(&#39;Hello World!&#39;)"
>>> tomcat 7.0.52 output:
>>> <form onclick="window.alert(&#39;Hello &#39;World&#39;!&#39;)"
>>>         data-test="window.alert(&amp;#039;Hello &#39;World&#39;!&amp;#039;)"
>>>         data-test2="window.alert(&#39;Hello World!&#39;)"
>>> If there is EL used in dynamic attribute (data-test), non-EL part of that
>>> attribute is escaped twice, EL part is escaped only once. Tomcat 7.0.47
>>> would escape everything just once.
>>> Everything works as before if static attribute is used (onclick) or there is
>>> no EL in dynamic attribute (data-test2).
>>> I strongly suspect, that this is caused by this fix:
>>>, but I don't
>>> understand why using EL should cause double escaping of the rest of
>>> attribute value. Is it a bug?
>> It looks like a bug.
>> Please file an issue in Bugzilla.
>> It would be nice if you can attach a simple reproducing web application to it.
> It would also help if we could see the source for sf:form or a
> simplified version of it that demonstrates the problem.

Apparently this is about the <form:form> tag from the Spring Framework "form" tags.

Those are in spring-webmvc-4.0.2.RELEASE.jar

META-INF/spring-form.tld defines the tag as

<?xml version="1.0" encoding="UTF-8"?>
<taglib xmlns=""

    <description>Spring Framework JSP Form Tag Library</description>

        <description>Renders an HTML 'form' tag and exposes a binding
path to inner tags for binding.</description>
            <description>HTML Standard Attribute</description>
(..skipping a lot of attributes)

and with <dynamic-attributes> it allows passing any random
user-created attribute there.

Printing those dynamic attributes looks like the following:
in \org\springframework\web\servlet\tags\form\

        if (!CollectionUtils.isEmpty(this.dynamicAttributes)) {
            for (String attr : this.dynamicAttributes.keySet()) {


Best regards,
Konstantin Kolinko
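
The double escaping reported in this thread, modelled as an added example (not Tomcat or Spring code, and not part of the original message). The helpers `escapeLiteral` and `escapeOnWrite` are hypothetical stand-ins for the two escaping passes, with entity forms inferred from the output quoted above; `findDoubleEscaped` is a check a regression test could run over rendered markup.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class DoubleEscapeCheck {
    // An entity whose '&' was itself escaped, e.g. "&amp;#039;" or "&amp;lt;".
    private static final Pattern DOUBLE_ESCAPED =
            Pattern.compile("&amp;(#\\d+|#[xX][0-9a-fA-F]+|[A-Za-z][A-Za-z0-9]*);");

    // Assumed first pass, applied only to the literal (non-EL) text; emits &#039;.
    static String escapeLiteral(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&#034;").replace("'", "&#039;");
    }

    // Assumed second pass, applied by the tag when it writes the attribute; emits &#39;.
    static String escapeOnWrite(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }

    // Returns every double-escaped entity found in the rendered markup.
    static List<String> findDoubleEscaped(String html) {
        List<String> hits = new ArrayList<>();
        Matcher m = DOUBLE_ESCAPED.matcher(html);
        while (m.find()) {
            hits.add(m.group());
        }
        return hits;
    }

    public static void main(String[] args) {
        String world = "'World'";                 // value of ${world} in the sample
        String before = "window.alert('Hello ";   // literal text before the EL expression
        String after = "!')";                     // literal text after it
        // Behaviour reported for 7.0.47: the assembled value is escaped once.
        String once = escapeOnWrite(before + world + after);
        // Behaviour reported for 7.0.52: literal parts are escaped first, the EL
        // result is appended unescaped, and the tag escapes the whole value again.
        String twice = escapeOnWrite(escapeLiteral(before) + world + escapeLiteral(after));
        System.out.println("once:  " + once + " -> " + findDoubleEscaped(once));
        System.out.println("twice: " + twice + " -> " + findDoubleEscaped(twice));
    }
}
```

A match from `findDoubleEscaped` is a prompt to review the template, since a page that intentionally displays the text `&lt;` also renders as `&amp;lt;`.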
