Bug 43617 - attribute values within a .tag(x) file are not properly escaped
Summary: attribute values within a .tag(x) file are not properly escaped
Status: RESOLVED FIXED
Alias: None
Product: Tomcat 6
Classification: Unclassified
Component: Jasper (show other bugs)
Version: 6.0.14
Hardware: Other All
: P2 normal (vote)
Target Milestone: default
Assignee: Tomcat Developers Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-10-12 18:29 UTC by Lucas Galfaso
Modified: 2008-05-01 10:55 UTC (History)
0 users



Attachments
Proposed patch (1.14 KB, patch)
2007-10-12 18:30 UTC, Lucas Galfaso
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Lucas Galfaso 2007-10-12 18:29:40 UTC
Attribute values within a .tag(x) file are not properly escaped when they are
converted into .java files.
E.g
Create a .tagx file with this content

<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page"
          xmlns="http://www.w3.org/1999/xhtml"
          version="2.1">
  <div test='"'>Hello world</div>
</jsp:root>

Call this tag from a .jsp page.

Will attach a patch within some minutes
Comment 1 Lucas Galfaso 2007-10-12 18:30:43 UTC
Created attachment 20973 [details]
Proposed patch
Comment 2 Mark Thomas 2008-04-23 14:51:28 UTC
I think you meant &quot; rather than &amp; in your patch.

I have commited a variation to trunk and proposed it for 6.0.x
Comment 3 Lucas Galfaso 2008-04-25 14:57:46 UTC
Hi Mark and sorry to bug you, but the commited patch is still not good, the test case is

<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page"
          xmlns="http://www.w3.org/1999/xhtml"
          version="2.1">
  <div test='"&apos; thisIsPartOfTheAttributeValueAndNotANewAttribute=&apos:-)&apos;'>Hello world</div>
</jsp:root>

I think there is no way around to inserting the xml escape code.
Comment 4 Mark Thomas 2008-04-25 15:40:15 UTC
Thanks for the additional test case. I have applied a better patch based on your original proposal.
Comment 5 Mark Thomas 2008-05-01 10:55:02 UTC
The fix has been committed and will be in 6.0.17 onwards.