ASF Bugzilla – Attachment 31400 Details for
Bug 56265
Unexpected escaping in the values of dynamic tag attributes containing EL expressions
[patch]
2014-03-18_56265_tc8_v2.patch
2014-03-18_56265_tc8_v2.patch (text/plain), 10.96 KB, created by
Konstantin Kolinko
on 2014-03-18 11:26:12 UTC
Description:
2014-03-18_56265_tc8_v2.patch
Creator:
Konstantin Kolinko
Created:
2014-03-18 11:26:12 UTC
Size:
10.96 KB
>Index: java/org/apache/jasper/compiler/Generator.java
>===================================================================
>--- java/org/apache/jasper/compiler/Generator.java (revision 1578823)
>+++ java/org/apache/jasper/compiler/Generator.java (working copy)
>@@ -1839,7 +1839,7 @@
> out.print(" + \"\\\"");
> } else {
> out.print(DOUBLE_QUOTE);
>- out.print(attrs.getValue(i).replace("\"", """));
>+ out.print(jspAttrs[i].getValue().replace("\"", """));
> out.print(DOUBLE_QUOTE);
> }
> }
>Index: java/org/apache/jasper/compiler/Validator.java
>===================================================================
>--- java/org/apache/jasper/compiler/Validator.java (revision 1578823)
>+++ java/org/apache/jasper/compiler/Validator.java (working copy)
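Review bot: In the Generator.java hunk, the only escaping left at this call site is the double-quote replacement, and the value now comes from `jspAttrs[i].getValue()`, which the Validator.java change in this same patch fills with text that may already be XML-escaped. Nothing at the call site records that, which makes it easy for a later edit to add a second escaping pass or to switch back to the raw `attrs.getValue(i)`. A one-line comment above the `out.print` would state the contract, for example `// value was already XML-escaped by Validator where required; only the quote is handled here`. The enclosing method starts and ends outside the hunk, so whether `jspAttrs[i]` is always non-null on this branch cannot be confirmed from here.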
>@@ -1359,34 +1359,43 @@
> result = new Node.JspAttribute(tai, qName, uri, localName,
> value.substring(3, value.length() - 2), true, null,
> dynamic);
>- } else if (pageInfo.isELIgnored()) {
>- result = new Node.JspAttribute(tai, qName, uri, localName,
>- value, false, null, dynamic);
> } else {
>- // The attribute can contain expressions but is not a
>- // scriptlet expression; thus, we want to run it through
>- // the expression interpreter
>+ ELNode.Nodes el = null;
>+ if (!pageInfo.isELIgnored()) {
>+ // The attribute can contain expressions but is not a
>+ // scriptlet expression; thus, we want to run it through
>+ // the expression interpreter
>
>- // validate expression syntax if string contains
>- // expression(s)
>- ELNode.Nodes el = ELParser.parse(value, pageInfo
>- .isDeferredSyntaxAllowedAsLiteral());
>+ // validate expression syntax if string contains
>+ // expression(s)
>+ el = ELParser.parse(value,
>+ pageInfo.isDeferredSyntaxAllowedAsLiteral());
>+ if (el.containsEL()) {
>+ validateFunctions(el, n);
>+ } else {
>+ el = null;
>+ }
>+ }
>
>- if (el.containsEL()) {
>-
>- validateFunctions(el, n);
>-
>- if (n.getRoot().isXmlSyntax()) {
>+ // bug 55198: Apply xml escaping to attributes of
>+ // uninterpreted tags on pages using XML syntax
>+ // TODO: make this optional for legacy compatibility
>+ if (n instanceof Node.UninterpretedTag
>+ && n.getRoot().isXmlSyntax()) {
>+ if (el != null) {
> // The non-EL elements need to be XML escaped
> XmlEscapeNonELVisitor v = new XmlEscapeNonELVisitor();
> el.visit(v);
>- result = new Node.JspAttribute(tai, qName, uri,
>- localName, v.getText(), false, el, dynamic);
>+ value = v.getText();
> } else {
>- result = new Node.JspAttribute(tai, qName, uri,
>- localName, value, false, el, dynamic);
>+ value = xmlEscape(value);
> }
>+ }
>
>+ result = new Node.JspAttribute(tai, qName, uri, localName,
>+ value, false, el, dynamic);
>+
>+ if (el != null) {
> ELContextImpl ctx =
> new ELContextImpl(expressionFactory);
> ctx.setFunctionMapper(getFunctionMapper(el));
>@@ -1399,10 +1408,6 @@
> "jsp.error.invalid.expression", value, e
> .toString());
> }
>-
>- } else {
>- result = new Node.JspAttribute(tai, qName, uri,
>- localName, value, false, null, dynamic);
> }
> }
> } else {
>Index: test/org/apache/jasper/compiler/TestParser.java
>===================================================================
>--- test/org/apache/jasper/compiler/TestParser.java (revision 1578823)
>+++ test/org/apache/jasper/compiler/TestParser.java (working copy)
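Review bot: In the first Validator.java hunk, `value` is overwritten with the escaped text (`value = v.getText();` and `value = xmlEscape(value);`), and the same variable is then passed to the `jsp.error.invalid.expression` message visible in the next hunk, so the diagnostic would show the escaped form rather than what the page author wrote. Keeping the original in `value` and holding the escaped text in a separate local, e.g. `String attrValue = value;` before the `instanceof` check and `attrValue = v.getText();` inside it, avoids that. The comment block above the check could also state that only the literal parts are escaped and that EL results pass through unescaped, since the updated TestParser assertions appear to expect exactly that for `3${text}3`; page authors still need `fn:escapeXml` or an equivalent for untrusted values. The method starts and ends outside the hunk.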
>@@ -328,18 +328,43 @@
>
> String result = res.toString();
>
>- Assert.assertTrue(result.contains(""1foo1"") ||
>- result.contains(""1foo1""));
>- Assert.assertTrue(result.contains(""2bar2"") ||
>- result.contains(""2bar2""));
>- Assert.assertTrue(result.contains(""3a&b3"") ||
>- result.contains(""3a&b3""));
>- Assert.assertTrue(result.contains(""4&4"") ||
>- result.contains(""4&4""));
>- Assert.assertTrue(result.contains(""5'5"") ||
>- result.contains(""5'5""));
>+ Assert.assertTrue(result,
>+ result.contains(""1foo1<&>"")
>+ || result.contains(""1foo1<&>""));
>+ Assert.assertTrue(result,
>+ result.contains(""2bar2<&>"")
>+ || result.contains(""2bar2<&>""));
>+ Assert.assertTrue(result,
>+ result.contains(""3a&b3"")
>+ || result.contains(""3a&b3""));
>+ Assert.assertTrue(result,
>+ result.contains(""4&4"")
>+ || result.contains(""4&4""));
>+ Assert.assertTrue(result,
>+ result.contains(""5'5"")
>+ || result.contains(""5'5""));
> }
>
>+ public void testBug56265() throws Exception {
>+ Tomcat tomcat = getTomcatInstance();
>+
>+ File appDir = new File("test/webapp");
>+ // app dir is relative to server home
>+ tomcat.addWebapp(null, "/test", appDir.getAbsolutePath());
>+
>+ tomcat.start();
>+
>+ ByteChunk res = getUrl("http://localhost:" + getPort() +
>+ "/test/bug5nnnn/bug56265.jsp");
>+
>+ String result = res.toString();
>+
>+ Assert.assertTrue(result,
>+ result.contains("[1: [data-test]: [window.alert('Hello World<&>!')]]"));
>+ Assert.assertTrue(result,
>+ result.contains("[2: [data-test]: [window.alert('Hello 'World<&>'!')]]"));
>+ }
>+
> /** Assertion for text printed by tags:echo */
> private static void assertEcho(String result, String expected) {
> assertTrue(result.indexOf("<p>" + expected + "</p>") > 0);
>Index: test/webapp/bug5nnnn/bug56265.jsp
>===================================================================
>--- test/webapp/bug5nnnn/bug56265.jsp (revision 0)
>+++ test/webapp/bug5nnnn/bug56265.jsp (working copy)
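Review bot: The added `testBug56265()` carries no `@Test` annotation in this hunk, and the surrounding code uses JUnit 4 style `Assert.assertTrue`, so the runner would presumably skip the method and the new escaping behaviour would go unverified. Add `@Test` on the line above `public void testBug56265() throws Exception {`. The hunk starts inside the previous test method, so how the other tests in the class are annotated is not visible here.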
>@@ -0,0 +1,28 @@
>+<%--
>+ Licensed to the Apache Software Foundation (ASF) under one or more
>+ contributor license agreements. See the NOTICE file distributed with
>+ this work for additional information regarding copyright ownership.
>+ The ASF licenses this file to You under the Apache License, Version 2.0
>+ (the "License"); you may not use this file except in compliance with
>+ the License. You may obtain a copy of the License at
>+
>+ http://www.apache.org/licenses/LICENSE-2.0
>+
>+ Unless required by applicable law or agreed to in writing, software
>+ distributed under the License is distributed on an "AS IS" BASIS,
>+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>+ See the License for the specific language governing permissions and
>+ limitations under the License.
>+--%>
>+<%@ taglib prefix="tags" tagdir="/WEB-INF/tags" %>
>+<%
>+request.setAttribute("text", "'World <&>'");
>+%>
>+<html>
>+ <head><title>Bug 56265 test case</title></head>
>+ <body>
>+ <p>[1: <tags:bug56265 data-test="window.alert('Hello World<&>!')"/>]</p>
>+ <p>[2: <tags:bug56265 data-test="window.alert('Hello ${world}!')"/>]</p>
>+ </body>
>+</html>
>+
>
>Property changes on: test/webapp/bug5nnnn/bug56265.jsp
>___________________________________________________________________
>Added: svn:eol-style
>## -0,0 +1 ##
>+native
>\ No newline at end of property
>Index: test/webapp/WEB-INF/tags/bug55198.tagx
>===================================================================
>--- test/webapp/WEB-INF/tags/bug55198.tagx (revision 1578823)
>+++ test/webapp/WEB-INF/tags/bug55198.tagx (working copy)
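Review bot: In bug56265.jsp the scriptlet stores the sample string under the request attribute `text`, but case 2 reads `${world}`, which nothing in the file defines, so the EL part would presumably evaluate to empty and the second assertion in `testBug56265` could not match. Either reference `${text}` in the `data-test` attribute or rename the attribute to `world`. As rendered on this page the stored string also has a space in `World <&>` that the expected output lacks, which is worth checking against the raw attachment.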
>@@ -17,8 +17,8 @@
> -->
> <jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.0">
> <jsp:directive.tag body-content="scriptless" />
>-<a href="#" onclick="window.alert("1${'foo'}1")">foo</a>
>-<a href="#" onclick="window.alert("2bar2")">bar</a>
>+<a href="#" onclick="window.alert("1${'foo'}1<&>")">foo</a>
>+<a href="#" onclick="window.alert("2bar2<&>")">bar</a>
> <a href="#" onclick="window.alert("3${text}3")">foo</a>
> <a href="#" onclick="window.alert("4${'&'}4")">foo</a>
> <a href="#" onclick="window.alert("5${'&apos;'}5")">foo</a>
>Index: test/webapp/WEB-INF/tags/bug56265.tagx
>===================================================================
>--- test/webapp/WEB-INF/tags/bug56265.tagx (revision 0)
>+++ test/webapp/WEB-INF/tags/bug56265.tagx (working copy)
>@@ -0,0 +1,24 @@
>+<?xml version="1.0" encoding="UTF-8" ?>
>+<!--
>+ Licensed to the Apache Software Foundation (ASF) under one or more
>+ contributor license agreements. See the NOTICE file distributed with
>+ this work for additional information regarding copyright ownership.
>+ The ASF licenses this file to You under the Apache License, Version 2.0
>+ (the "License"); you may not use this file except in compliance with
>+ the License. You may obtain a copy of the License at
>+
>+ http://www.apache.org/licenses/LICENSE-2.0
>+
>+ Unless required by applicable law or agreed to in writing, software
>+ distributed under the License is distributed on an "AS IS" BASIS,
>+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>+ See the License for the specific language governing permissions and
>+ limitations under the License.
>+-->
>+<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.0"
>+ xmlns:c="http://java.sun.com/jsp/jstl/core">
>+ <jsp:directive.tag body-content="empty" dynamic-attributes="attMap" />
>+ <c:forEach var="e" items="${attMap}">
>+ <jsp:text>[${e.key}]: [${e.value}]</jsp:text>
>+ </c:forEach>
>+</jsp:root>
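Review bot: The new bug56265.tagx writes every dynamic attribute back through `[${e.key}]: [${e.value}]` in template text with no escaping of its own, which is what the test needs in order to observe the compiler's handling, but the file does not say so. A short comment after the license header, such as `<!-- Test fixture: echoes dynamic attribute values as received so TestParser can check escaping; not a pattern for application tags -->`, would keep it from being copied as an example.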