Index: java/org/apache/jasper/compiler/Generator.java =================================================================== --- java/org/apache/jasper/compiler/Generator.java (revision 1578812) +++ java/org/apache/jasper/compiler/Generator.java (working copy) @@ -1839,7 +1839,7 @@ out.print(" + \"\\\""); } else { out.print(DOUBLE_QUOTE); - out.print(attrs.getValue(i).replace("\"", """)); + out.print(jspAttrs[i].getValue().replace("\"", """)); out.print(DOUBLE_QUOTE); } } Index: java/org/apache/jasper/compiler/Validator.java =================================================================== --- java/org/apache/jasper/compiler/Validator.java (revision 1578812) +++ java/org/apache/jasper/compiler/Validator.java (working copy) @@ -1402,7 +1402,7 @@ } else { result = new Node.JspAttribute(tai, qName, uri, - localName, value, false, null, dynamic); + localName, xmlEscape(value), false, null, dynamic); } } } else { Index: test/org/apache/jasper/compiler/TestParser.java =================================================================== --- test/org/apache/jasper/compiler/TestParser.java (revision 1578812) +++ test/org/apache/jasper/compiler/TestParser.java (working copy) @@ -14,7 +14,6 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - package org.apache.jasper.compiler; import java.io.File; @@ -27,8 +26,11 @@ import org.junit.Assert; import org.junit.Test; +import org.apache.catalina.WebResourceRoot; +import org.apache.catalina.core.StandardContext; import org.apache.catalina.startup.Tomcat; import org.apache.catalina.startup.TomcatBaseTest; +import org.apache.catalina.webresources.StandardRoot; import org.apache.tomcat.util.buf.ByteChunk; /** @@ -328,18 +330,58 @@ String result = res.toString(); - Assert.assertTrue(result.contains(""1foo1"") || - result.contains(""1foo1"")); - Assert.assertTrue(result.contains(""2bar2"") || - result.contains(""2bar2"")); - Assert.assertTrue(result.contains(""3a&b3"") || - result.contains(""3a&b3"")); - Assert.assertTrue(result.contains(""4&4"") || - result.contains(""4&4"")); - Assert.assertTrue(result.contains(""5'5"") || - result.contains(""5'5"")); + Assert.assertTrue(result, + result.contains(""1foo1<&>"") + || result.contains(""1foo1<&>"")); + Assert.assertTrue(result, + result.contains(""2bar2<&>"") + || result.contains(""2bar2<&>"")); + Assert.assertTrue(result, + result.contains(""3a&b3"") + || result.contains(""3a&b3"")); + Assert.assertTrue(result, + result.contains(""4&4"") + || result.contains(""4&4"")); + Assert.assertTrue(result, + result.contains(""5'5"") + || result.contains(""5'5"")); } + @Test + public void testBug56265() throws Exception { + Tomcat tomcat = getTomcatInstance(); + + File appDir = new File("test/webapp"); + // app dir is relative to server home + StandardContext ctxt = (StandardContext) tomcat.addWebapp(null, + "/test", appDir.getAbsolutePath()); + + // This test needs the JSTL libraries + File lib = new File("webapps/examples/WEB-INF/lib"); + ctxt.setResources(new StandardRoot(ctxt)); + ctxt.getResources().createWebResourceSet( + WebResourceRoot.ResourceSetType.POST, "/WEB-INF/lib", + lib.getAbsolutePath(), null, "/"); + + tomcat.start(); + + ByteChunk res = getUrl("http://localhost:" + getPort() + + "/test/bug5nnnn/bug56265.jsp"); + + String result = res.toString(); + + Assert.assertTrue(result, + result.contains("[1: [data-test]: [window.alert('Hello World <&>!')]]") || + result.contains("[1: [data-test]: [window.alert('Hello World <&>!')]]")); + Assert.assertTrue(result, + result.contains("[2: [data-test]: [window.alert('Hello World <&>!')]]")); + Assert.assertTrue(result, + result.contains("[3: [data-test]: [window.alert('Hello 'World <&>'!')]]") || + result.contains("[3: [data-test]: [window.alert('Hello 'World <&>'!')]]")); + Assert.assertTrue(result, + result.contains("[4: [data-test]: [window.alert('Hello 'World <&>'!')]]")); + } + /** Assertion for text printed by tags:echo */ private static void assertEcho(String result, String expected) { assertTrue(result.indexOf("
" + expected + "
") > 0); Index: test/webapp/WEB-INF/tags/bug55198.tagx =================================================================== --- test/webapp/WEB-INF/tags/bug55198.tagx (revision 1578812) +++ test/webapp/WEB-INF/tags/bug55198.tagx (working copy) @@ -17,8 +17,8 @@ -->[1:
[2:
[3:
[4: