
(-)java/org/apache/jasper/compiler/Generator.java (-1 / +1 lines)
Lines 1839-1845 Link Here
1839
                        out.print(" + \"\\\"");
1839
                        out.print(" + \"\\\"");
1840
                    } else {
1840
                    } else {
1841
                        out.print(DOUBLE_QUOTE);
1841
                        out.print(DOUBLE_QUOTE);
1842
                        out.print(attrs.getValue(i).replace("\"", """));
1842
                        out.print(jspAttrs[i].getValue().replace("\"", """));
1843
                        out.print(DOUBLE_QUOTE);
1843
                        out.print(DOUBLE_QUOTE);
1844
                    }
1844
                    }
1845
                }
1845
                }
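Review bot: The else branch at line 1842 prints `jspAttrs[i].getValue()` (assuming the second 1842 line is the added one), and nothing here records that the output now depends on Validator having XML-escaped that value for uninterpreted tags on XML-syntax pages. A short comment above the print would make the split of responsibilities explicit, for example `// Value was XML-escaped in Validator for XML-syntax pages (bug 55198); only the double quote is replaced here`. The loop header and the declaration of `jspAttrs` are outside the hunk, so it is worth confirming that `jspAttrs` is never null on this path and is indexed in step with `attrs`.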
(-)java/org/apache/jasper/compiler/Validator.java (-23 / +28 lines)
Lines 1359-1392 Link Here
1359
                    result = new Node.JspAttribute(tai, qName, uri, localName,
1359
                    result = new Node.JspAttribute(tai, qName, uri, localName,
1360
                            value.substring(3, value.length() - 2), true, null,
1360
                            value.substring(3, value.length() - 2), true, null,
1361
                            dynamic);
1361
                            dynamic);
1362
                } else if (pageInfo.isELIgnored()) {
1363
                    result = new Node.JspAttribute(tai, qName, uri, localName,
1364
                            value, false, null, dynamic);
1365
                } else {
1362
                } else {
1366
                    // The attribute can contain expressions but is not a
1363
                    ELNode.Nodes el = null;
1367
                    // scriptlet expression; thus, we want to run it through
1364
                    if (!pageInfo.isELIgnored()) {
1368
                    // the expression interpreter
1365
                        // The attribute can contain expressions but is not a
1366
                        // scriptlet expression; thus, we want to run it through
1367
                        // the expression interpreter
1369
1368
1370
                    // validate expression syntax if string contains
1369
                        // validate expression syntax if string contains
1371
                    // expression(s)
1370
                        // expression(s)
1372
                    ELNode.Nodes el = ELParser.parse(value, pageInfo
1371
                        el = ELParser.parse(value,
1373
                            .isDeferredSyntaxAllowedAsLiteral());
1372
                                pageInfo.isDeferredSyntaxAllowedAsLiteral());
1373
                        if (el.containsEL()) {
1374
                            validateFunctions(el, n);
1375
                        } else {
1376
                            el = null;
1377
                        }
1378
                    }
1374
1379
1375
                    if (el.containsEL()) {
1380
                    // bug 55198: Apply xml escaping to attributes of
1376
1381
                    // uninterpreted tags on pages using XML syntax
1377
                        validateFunctions(el, n);
1382
                    // TODO: make this optional for legacy compatibility
1378
1383
                    if (n instanceof Node.UninterpretedTag
1379
                        if (n.getRoot().isXmlSyntax()) {
1384
                            && n.getRoot().isXmlSyntax()) {
1385
                        if (el != null) {
1380
                            // The non-EL elements need to be XML escaped
1386
                            // The non-EL elements need to be XML escaped
1381
                            XmlEscapeNonELVisitor v = new XmlEscapeNonELVisitor();
1387
                            XmlEscapeNonELVisitor v = new XmlEscapeNonELVisitor();
1382
                            el.visit(v);
1388
                            el.visit(v);
1383
                            result = new Node.JspAttribute(tai, qName, uri,
1389
                            value = v.getText();
1384
                                    localName, v.getText(), false, el, dynamic);
1385
                        } else {
1390
                        } else {
1386
                            result = new Node.JspAttribute(tai, qName, uri,
1391
                            value = xmlEscape(value);
1387
                                    localName, value, false, el, dynamic);
1388
                        }
1392
                        }
1393
                    }
1389
1394
1395
                    result = new Node.JspAttribute(tai, qName, uri, localName,
1396
                            value, false, el, dynamic);
1397
1398
                    if (el != null) {
1390
                        ELContextImpl ctx =
1399
                        ELContextImpl ctx =
1391
                                new ELContextImpl(expressionFactory);
1400
                                new ELContextImpl(expressionFactory);
1392
                        ctx.setFunctionMapper(getFunctionMapper(el));
1401
                        ctx.setFunctionMapper(getFunctionMapper(el));
Lines 1399-1408 Link Here
1399
                                    "jsp.error.invalid.expression", value, e
1408
                                    "jsp.error.invalid.expression", value, e
1400
                                            .toString());
1409
                                            .toString());
1401
                        }
1410
                        }
1402
1403
                    } else {
1404
                        result = new Node.JspAttribute(tai, qName, uri,
1405
                                localName, value, false, null, dynamic);
1406
                    }
1411
                    }
1407
                }
1412
                }
1408
            } else {
1413
            } else {
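Review bot: `value` is overwritten with its XML-escaped form (`value = v.getText();` at new line 1389, `value = xmlEscape(value);` at 1391), yet the same variable is still passed to `jsp.error.invalid.expression` at new line 1408. For uninterpreted tags on XML-syntax pages the compile error would therefore quote the escaped text rather than what the page author wrote. Leaving `value` untouched and carrying the escaped text in its own local, e.g. `String attrValue = value;` declared before the `instanceof` check and passed to `new Node.JspAttribute(...)`, avoids that. On the `TODO: make this optional` comment: if a switch is added later, escaping should stay the default, because the Generator hunk on this page suggests the text reaches the generated markup with only the double quote replaced. The enclosing method starts and ends outside both hunks.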
(-)test/org/apache/jasper/compiler/TestParser.java (-10 / +35 lines)
Lines 328-345 Link Here
328
328
329
        String result = res.toString();
329
        String result = res.toString();
330
330
331
        Assert.assertTrue(result.contains(""1foo1"") ||
331
        Assert.assertTrue(result,
332
                result.contains(""1foo1""));
332
                result.contains(""1foo1<&>"")
333
        Assert.assertTrue(result.contains(""2bar2"") ||
333
             || result.contains(""1foo1<&>""));
334
                result.contains(""2bar2""));
334
        Assert.assertTrue(result,
335
        Assert.assertTrue(result.contains(""3a&b3"") ||
335
                result.contains(""2bar2<&>"")
336
                result.contains(""3a&b3""));
336
             || result.contains(""2bar2<&>""));
337
        Assert.assertTrue(result.contains(""4&4"") ||
337
        Assert.assertTrue(result,
338
                result.contains(""4&4""));
338
                result.contains(""3a&b3"")
339
        Assert.assertTrue(result.contains(""5'5"") ||
339
             || result.contains(""3a&b3""));
340
                result.contains(""5'5""));
340
        Assert.assertTrue(result,
341
                result.contains(""4&4"")
342
             || result.contains(""4&4""));
343
        Assert.assertTrue(result,
344
                result.contains(""5'5"")
345
             || result.contains(""5'5""));
341
    }
346
    }
342
347
348
    public void testBug56265() throws Exception {
349
        Tomcat tomcat = getTomcatInstance();
350
351
        File appDir = new File("test/webapp");
352
        // app dir is relative to server home
353
        tomcat.addWebapp(null, "/test", appDir.getAbsolutePath());
354
355
        tomcat.start();
356
357
        ByteChunk res = getUrl("http://localhost:" + getPort() +
358
                "/test/bug5nnnn/bug56265.jsp");
359
360
        String result = res.toString();
361
362
        Assert.assertTrue(result,
363
                result.contains("[1: [data-test]: [window.alert('Hello World<&>!')]]"));
364
        Assert.assertTrue(result,
365
                result.contains("[2: [data-test]: [window.alert('Hello 'World<&>'!')]]"));
366
    }
367
343
    /** Assertion for text printed by tags:echo */
368
    /** Assertion for text printed by tags:echo */
344
    private static void assertEcho(String result, String expected) {
369
    private static void assertEcho(String result, String expected) {
345
        assertTrue(result.indexOf("<p>" + expected + "</p>") > 0);
370
        assertTrue(result.indexOf("<p>" + expected + "</p>") > 0);
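Review bot: `testBug56265()` at new line 348 is declared without a `@Test` annotation in the lines shown; new line 347 directly above the signature is blank. The use of `Assert.assertTrue` suggests JUnit 4, where an unannotated method is never executed, so the regression test for this fix would silently not run. Add `@Test` on the line above `public void testBug56265() throws Exception {`.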
(-)test/webapp/bug5nnnn/bug56265.jsp (+29 lines)
Line 0 Link Here
1
<%--
2
 Licensed to the Apache Software Foundation (ASF) under one or more
3
  contributor license agreements.  See the NOTICE file distributed with
4
  this work for additional information regarding copyright ownership.
5
  The ASF licenses this file to You under the Apache License, Version 2.0
6
  (the "License"); you may not use this file except in compliance with
7
  the License.  You may obtain a copy of the License at
8
9
      http://www.apache.org/licenses/LICENSE-2.0
10
11
  Unless required by applicable law or agreed to in writing, software
12
  distributed under the License is distributed on an "AS IS" BASIS,
13
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
  See the License for the specific language governing permissions and
15
  limitations under the License.
16
--%>
17
<%@ taglib prefix="tags" tagdir="/WEB-INF/tags" %>
18
<%
19
request.setAttribute("text", "'World <&>'");
20
%>
21
<html>
22
  <head><title>Bug 56265 test case</title></head>
23
  <body>
24
    <p>[1: <tags:bug56265 data-test="window.alert('Hello World&lt;&amp;&gt;!')"/>]</p>
25
    <p>[2: <tags:bug56265 data-test="window.alert('Hello ${world}!')"/>]</p>
26
  </body>
27
</html>
28
29
native
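Review bot: The scriptlet on line 19 stores the request attribute under the name `text`, but the second tag invocation on line 25 reads `${world}`, so as written the expression resolves to nothing. The stored string `'World <&>'` also contains a space that the expected string in `TestParser.testBug56265` (`'Hello 'World<&>'!'` as rendered on this page) does not. If the rendering is faithful, the second assertion cannot pass; align the name and the literal, e.g. `request.setAttribute("world", "'World<&>'");`.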
(-)test/webapp/WEB-INF/tags/bug55198.tagx (-2 / +2 lines)
Lines 17-24 Link Here
17
-->
17
-->
18
<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.0">
18
<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.0">
19
<jsp:directive.tag body-content="scriptless" />
19
<jsp:directive.tag body-content="scriptless" />
20
<a href="#" onclick="window.alert(&quot;1${'foo'}1&quot;)">foo</a>
20
<a href="#" onclick="window.alert(&quot;1${'foo'}1&lt;&amp;&gt;&quot;)">foo</a>
21
<a href="#" onclick="window.alert(&quot;2bar2&quot;)">bar</a>
21
<a href="#" onclick="window.alert(&quot;2bar2&lt;&amp;&gt;&quot;)">bar</a>
22
<a href="#" onclick="window.alert(&quot;3${text}3&quot;)">foo</a>
22
<a href="#" onclick="window.alert(&quot;3${text}3&quot;)">foo</a>
23
<a href="#" onclick="window.alert(&quot;4${'&amp;'}4&quot;)">foo</a>
23
<a href="#" onclick="window.alert(&quot;4${'&amp;'}4&quot;)">foo</a>
24
<a href="#" onclick="window.alert(&quot;5${'&amp;apos;'}5&quot;)">foo</a>
24
<a href="#" onclick="window.alert(&quot;5${'&amp;apos;'}5&quot;)">foo</a>
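--- a/test/webapp/WEB-INF/tags/bug56265.tagx
+++ b/test/webapp/WEB-INF/tags/bug56265.tagx
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.0"
+ xmlns:c="http://java.sun.com/jsp/jstl/core">
+  <jsp:directive.tag body-content="empty" dynamic-attributes="attMap" />
+  <c:forEach var="e" items="${attMap}">
+    <jsp:text>[${e.key}]: [${e.value}]</jsp:text>
+  </c:forEach>
+</jsp:root>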
