tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [Bug 62825] New: JSP inline javeascript backslash miss escaping in single quote string values
Date Mon, 15 Oct 2018 06:13:52 GMT

            Bug ID: 62825
           Summary: JSP inline javeascript backslash miss escaping in
                    single quote string values
           Product: Tomcat 8
           Version: 8.5.27
          Hardware: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Jasper
  Target Milestone: ----

Created attachment 36198
Contains the source jsp inline javascript file, the result parsing javascript
source in Chrome developer mode and the generated jsp java file.

The inline javascript in jsp suppose should have the same javascript source as
plain javascript in a non-jsp page (ex. html).

But when there is a backslash value '\\' value in a jsp page, after the jsp
engine parsing the output jsp java file didn't escape the backslash value in
the single quote string value, the incorrect result is "...'\\'...", while the
correct result should be "...'\\\\'...".

Steps to reproduce:
1) Create a index.jsp file add the following javascript code:
console.log('^?123'.replace(/[\-\[\]\/\{\}\(\)\*\+\?\.\\\^\$\|]/g, '\\$&');

2) Open the generated jsp java file, the result parsing is as follows:
'\\$&') + '(.*)');\r\n");

3) The correct generated jsp java file, should be as follows:
'\\\\$&') + '(.*)');\r\n");

You are receiving this mail because:
You are the assignee for the bug.
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message