Attachment #31402 for bug #56265

View | Details | Raw Unified | Return to bug 56265
Collapse All | Expand All

Lines 1839-1845 Link Here

(-)java/org/apache/jasper/compiler/Generator.java (-1 / +1 lines)
1839	out.print(" + \"\\\"");	1839	out.print(" + \"\\\"");
1840	} else {	1840	} else {
1841	out.print(DOUBLE_QUOTE);	1841	out.print(DOUBLE_QUOTE);
1842	out.print(attrs.getValue(i).replace("\"", """));	1842	out.print(jspAttrs[i].getValue().replace("\"", """));
1843	out.print(DOUBLE_QUOTE);	1843	out.print(DOUBLE_QUOTE);
1844	}	1844	}
1845	}	1845	}




                    result = new Node.JspAttribute(tai, qName, uri, localName,
                            value.substring(3, value.length() - 2), true, null,
                            dynamic);
                } else if (pageInfo.isELIgnored()) {
                    result = new Node.JspAttribute(tai, qName, uri, localName,
                            value, false, null, dynamic);
                } else {
                    ELNode.Nodes el = null;
                    if (!pageInfo.isELIgnored()) {
                        // The attribute can contain expressions but is not a
                        // scriptlet expression; thus, we want to run it through
                        // the expression interpreter

                        // validate expression syntax if string contains
                        // expression(s)
                        el = ELParser.parse(value,
                                pageInfo.isDeferredSyntaxAllowedAsLiteral());

                        if (el.containsEL()) {
                            validateFunctions(el, n);
                        } else {
                            el = null;
                        }
                    }

                    if (n instanceof Node.UninterpretedTag &&
                            n.getRoot().isXmlSyntax()) {
                        if (el != null) {
                            // The non-EL elements need to be XML escaped
                            XmlEscapeNonELVisitor v = new XmlEscapeNonELVisitor();
                            el.visit(v);
                            value = v.getText();
                                    localName, v.getText(), false, el, dynamic);
                        } else {
                            value = xmlEscape(value);
                                    localName, value, false, el, dynamic);
                        }
                    }

                    result = new Node.JspAttribute(tai, qName, uri, localName,
                            value, false, el, dynamic);

                    if (el != null) {
                        ELContextImpl ctx =
                                new ELContextImpl(expressionFactory);
                        ctx.setFunctionMapper(getFunctionMapper(el));

                                    "jsp.error.invalid.expression", value, e
                                            .toString());
                        }
                    }

                    } else {
                        result = new Node.JspAttribute(tai, qName, uri,
                                localName, value, false, null, dynamic);
                    }
                }
            } else {
                // Value is null. Check for any NamedAttribute subnodes




 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.apache.jasper.compiler;

import java.io.File;

import org.junit.Assert;
import org.junit.Test;

import org.apache.catalina.WebResourceRoot;
import org.apache.catalina.core.StandardContext;
import org.apache.catalina.startup.Tomcat;
import org.apache.catalina.startup.TomcatBaseTest;
import org.apache.catalina.webresources.StandardRoot;
import org.apache.tomcat.util.buf.ByteChunk;

/**


        String result = res.toString();

        Assert.assertTrue(result,
                result.contains("&quot;1foo1&lt;&amp;&gt;&quot;")
             || result.contains("&#034;1foo1&lt;&amp;&gt;&#034;"));
        Assert.assertTrue(result,
                result.contains("&quot;2bar2&lt;&amp;&gt;&quot;")
             || result.contains("&#034;2bar2&lt;&amp;&gt;&#034;"));
        Assert.assertTrue(result,
                result.contains("&quot;3a&amp;b3&quot;")
             || result.contains("&#034;3a&amp;b3&#034;"));
        Assert.assertTrue(result,
                result.contains("&quot;4&4&quot;")
             || result.contains("&#034;4&4&#034;"));
        Assert.assertTrue(result,
                result.contains("&quot;5&apos;5&quot;")
             || result.contains("&#034;5&apos;5&#034;"));
    }

    @Test
    public void testBug56265() throws Exception {
        Tomcat tomcat = getTomcatInstance();

        File appDir = new File("test/webapp");
        // app dir is relative to server home
        StandardContext ctxt = (StandardContext) tomcat.addWebapp(null,
                "/test", appDir.getAbsolutePath());

        // This test needs the JSTL libraries
        File lib = new File("webapps/examples/WEB-INF/lib");
        ctxt.setResources(new StandardRoot(ctxt));
        ctxt.getResources().createWebResourceSet(
                WebResourceRoot.ResourceSetType.POST, "/WEB-INF/lib",
                lib.getAbsolutePath(), null, "/");

        tomcat.start();

        ByteChunk res = getUrl("http://localhost:" + getPort() +
                "/test/bug5nnnn/bug56265.jsp");

        String result = res.toString();

        Assert.assertTrue(result,
                result.contains("[1: [data-test]: [window.alert('Hello World <&>!')]]"));
        Assert.assertTrue(result,
                result.contains("[2: [data-test]: [window.alert('Hello World <&>!')]]"));
        Assert.assertTrue(result,
                result.contains("[3: [data-test]: [window.alert('Hello 'World <&>'!')]]"));
        Assert.assertTrue(result,
                result.contains("[4: [data-test]: [window.alert('Hello 'World <&>'!')]]"));
    }

    /** Assertion for text printed by tags:echo */
    private static void assertEcho(String result, String expected) {
        assertTrue(result.indexOf("<p>" + expected + "</p>") > 0);

Lines 17-24 Link Here

(-)test/webapp/WEB-INF/tags/bug55198.tagx (-2 / +2 lines)
17	-->	17	-->
18	<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.0">	18	<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.0">
19	<jsp:directive.tag body-content="scriptless" />	19	<jsp:directive.tag body-content="scriptless" />
20	<a href="#" onclick="window.alert("1${'foo'}1")">foo</a>	20	<a href="#" onclick="window.alert("1${'foo'}1<&>")">foo</a>
21	<a href="#" onclick="window.alert("2bar2")">bar</a>	21	<a href="#" onclick="window.alert("2bar2<&>")">bar</a>
22	<a href="#" onclick="window.alert("3${text}3")">foo</a>	22	<a href="#" onclick="window.alert("3${text}3")">foo</a>
23	<a href="#" onclick="window.alert("4${'&'}4")">foo</a>	23	<a href="#" onclick="window.alert("4${'&'}4")">foo</a>
24	<a href="#" onclick="window.alert("5${'&apos;'}5")">foo</a>	24	<a href="#" onclick="window.alert("5${'&apos;'}5")">foo</a>




<?xml version="1.0" encoding="UTF-8" ?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.0"
 xmlns:c="http://java.sun.com/jsp/jstl/core">
  <jsp:directive.tag body-content="empty" dynamic-attributes="attMap" />
  <c:forEach var="e" items="${attMap}">
    <jsp:text>[${e.key}]: [${e.value}]</jsp:text>
  </c:forEach>
</jsp:root>




<%--
 Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
--%>
<%@ taglib prefix="tags" tagdir="/WEB-INF/tags" %>
<%
request.setAttribute("text", "World <&>");
request.setAttribute("textQuote", "'World <&>'");
%>
<html>
  <head><title>Bug 56265 test case</title></head>
  <body>
    <p>[1: <tags:bug56265 data-test="window.alert('Hello World <&>!')"/>]</p>
    <p>[2: <tags:bug56265 data-test="window.alert('Hello ${text}!')"/>]</p>
    <p>[3: <tags:bug56265 data-test="window.alert('Hello &apos;World <&>&apos;!')"/>]</p>
    <p>[4: <tags:bug56265 data-test="window.alert('Hello ${textQuote}!')"/>]</p>
  </body>
</html>

Return to bug 56265

Lines 1359-1392 Link Here

(-)java/org/apache/jasper/compiler/Validator.java (-22 / +26 lines)
1359	result = new Node.JspAttribute(tai, qName, uri, localName,	1359	result = new Node.JspAttribute(tai, qName, uri, localName,
1360	value.substring(3, value.length() - 2), true, null,	1360	value.substring(3, value.length() - 2), true, null,
1361	dynamic);	1361	dynamic);
1362	} else if (pageInfo.isELIgnored()) {
1363	result = new Node.JspAttribute(tai, qName, uri, localName,
1364	value, false, null, dynamic);
1365	} else {	1362	} else {
1366	// The attribute can contain expressions but is not a	1363	ELNode.Nodes el = null;
1367	// scriptlet expression; thus, we want to run it through	1364	if (!pageInfo.isELIgnored()) {
1368	// the expression interpreter	1365	// The attribute can contain expressions but is not a
		1366	// scriptlet expression; thus, we want to run it through
		1367	// the expression interpreter
1369		1368
1370	// validate expression syntax if string contains	1369	// validate expression syntax if string contains
1371	// expression(s)	1370	// expression(s)
1372	ELNode.Nodes el = ELParser.parse(value, pageInfo	1371	el = ELParser.parse(value,
1373	.isDeferredSyntaxAllowedAsLiteral());	1372	pageInfo.isDeferredSyntaxAllowedAsLiteral());
1374		1373
1375	if (el.containsEL()) {	1374	if (el.containsEL()) {
		1375	validateFunctions(el, n);
		1376	} else {
		1377	el = null;
		1378	}
		1379	}
1376		1380
1377	validateFunctions(el, n);	1381	if (n instanceof Node.UninterpretedTag &&
1378		1382	n.getRoot().isXmlSyntax()) {
1379	if (n.getRoot().isXmlSyntax()) {	1383	if (el != null) {
1380	// The non-EL elements need to be XML escaped	1384	// The non-EL elements need to be XML escaped
1381	XmlEscapeNonELVisitor v = new XmlEscapeNonELVisitor();	1385	XmlEscapeNonELVisitor v = new XmlEscapeNonELVisitor();
1382	el.visit(v);	1386	el.visit(v);
1383	result = new Node.JspAttribute(tai, qName, uri,	1387	value = v.getText();
1384	localName, v.getText(), false, el, dynamic);
1385	} else {	1388	} else {
1386	result = new Node.JspAttribute(tai, qName, uri,	1389	value = xmlEscape(value);
1387	localName, value, false, el, dynamic);
1388	}	1390	}
		1391	}
1389		1392
		1393	result = new Node.JspAttribute(tai, qName, uri, localName,
		1394	value, false, el, dynamic);
		1395
		1396	if (el != null) {
1390	ELContextImpl ctx =	1397	ELContextImpl ctx =
1391	new ELContextImpl(expressionFactory);	1398	new ELContextImpl(expressionFactory);
1392	ctx.setFunctionMapper(getFunctionMapper(el));	1399	ctx.setFunctionMapper(getFunctionMapper(el));
Lines 1399-1409 Link Here
1399	"jsp.error.invalid.expression", value, e	1406	"jsp.error.invalid.expression", value, e
1400	.toString());	1407	.toString());
1401	}	1408	}
		1409	}
1402		1410
1403	} else {
1404	result = new Node.JspAttribute(tai, qName, uri,
1405	localName, value, false, null, dynamic);
1406	}
1407	}	1411	}
1408	} else {	1412	} else {
1409	// Value is null. Check for any NamedAttribute subnodes	1413	// Value is null. Check for any NamedAttribute subnodes

Lines 14-20 Link Here

(-)test/org/apache/jasper/compiler/TestParser.java (-11 / +51 lines)
14	* See the License for the specific language governing permissions and	14	* See the License for the specific language governing permissions and
15	* limitations under the License.	15	* limitations under the License.
16	*/	16	*/
17
18	package org.apache.jasper.compiler;	17	package org.apache.jasper.compiler;
19		18
20	import java.io.File;	19	import java.io.File;
Lines 27-34 Link Here
27	import org.junit.Assert;	26	import org.junit.Assert;
28	import org.junit.Test;	27	import org.junit.Test;
29		28
		29	import org.apache.catalina.WebResourceRoot;
		30	import org.apache.catalina.core.StandardContext;
30	import org.apache.catalina.startup.Tomcat;	31	import org.apache.catalina.startup.Tomcat;
31	import org.apache.catalina.startup.TomcatBaseTest;	32	import org.apache.catalina.startup.TomcatBaseTest;
		33	import org.apache.catalina.webresources.StandardRoot;
32	import org.apache.tomcat.util.buf.ByteChunk;	34	import org.apache.tomcat.util.buf.ByteChunk;
33		35
34	/**	36	/**
Lines 328-345 Link Here
328		330
329	String result = res.toString();	331	String result = res.toString();
330		332
331	Assert.assertTrue(result.contains(""1foo1"") \|\|	333	Assert.assertTrue(result,
332	result.contains(""1foo1""));	334	result.contains(""1foo1<&>"")
333	Assert.assertTrue(result.contains(""2bar2"") \|\|	335	\|\| result.contains(""1foo1<&>""));
334	result.contains(""2bar2""));	336	Assert.assertTrue(result,
335	Assert.assertTrue(result.contains(""3a&b3"") \|\|	337	result.contains(""2bar2<&>"")
336	result.contains(""3a&b3""));	338	\|\| result.contains(""2bar2<&>""));
337	Assert.assertTrue(result.contains(""4&4"") \|\|	339	Assert.assertTrue(result,
338	result.contains(""4&4""));	340	result.contains(""3a&b3"")
339	Assert.assertTrue(result.contains(""5'5"") \|\|	341	\|\| result.contains(""3a&b3""));
340	result.contains(""5'5""));	342	Assert.assertTrue(result,
		343	result.contains(""4&4"")
		344	\|\| result.contains(""4&4""));
		345	Assert.assertTrue(result,
		346	result.contains(""5'5"")
		347	\|\| result.contains(""5'5""));
341	}	348	}
342		349
		350	@Test
		351	public void testBug56265() throws Exception {
		352	Tomcat tomcat = getTomcatInstance();
		353
		354	File appDir = new File("test/webapp");
		355	// app dir is relative to server home
		356	StandardContext ctxt = (StandardContext) tomcat.addWebapp(null,
		357	"/test", appDir.getAbsolutePath());
		358
		359	// This test needs the JSTL libraries
		360	File lib = new File("webapps/examples/WEB-INF/lib");
		361	ctxt.setResources(new StandardRoot(ctxt));
		362	ctxt.getResources().createWebResourceSet(
		363	WebResourceRoot.ResourceSetType.POST, "/WEB-INF/lib",
		364	lib.getAbsolutePath(), null, "/");
		365
		366	tomcat.start();
		367
		368	ByteChunk res = getUrl("http://localhost:" + getPort() +
		369	"/test/bug5nnnn/bug56265.jsp");
		370
		371	String result = res.toString();
		372
		373	Assert.assertTrue(result,
		374	result.contains("[1: [data-test]: [window.alert('Hello World <&>!')]]"));
		375	Assert.assertTrue(result,
		376	result.contains("[2: [data-test]: [window.alert('Hello World <&>!')]]"));
		377	Assert.assertTrue(result,
		378	result.contains("[3: [data-test]: [window.alert('Hello 'World <&>'!')]]"));
		379	Assert.assertTrue(result,
		380	result.contains("[4: [data-test]: [window.alert('Hello 'World <&>'!')]]"));
		381	}
		382
343	/** Assertion for text printed by tags:echo */	383	/** Assertion for text printed by tags:echo */
344	private static void assertEcho(String result, String expected) {	384	private static void assertEcho(String result, String expected) {
345	assertTrue(result.indexOf("<p>" + expected + "</p>") > 0);	385	assertTrue(result.indexOf("<p>" + expected + "</p>") > 0);

Line 0 Link Here

(-)test/webapp/WEB-INF/tags/bug56265.tagx (+24 lines)
	1	<?xml version="1.0" encoding="UTF-8" ?>
	2	<!--
	3	Licensed to the Apache Software Foundation (ASF) under one or more
	4	contributor license agreements. See the NOTICE file distributed with
	5	this work for additional information regarding copyright ownership.
	6	The ASF licenses this file to You under the Apache License, Version 2.0
	7	(the "License"); you may not use this file except in compliance with
	8	the License. You may obtain a copy of the License at
	9
	10	http://www.apache.org/licenses/LICENSE-2.0
	11
	12	Unless required by applicable law or agreed to in writing, software
	13	distributed under the License is distributed on an "AS IS" BASIS,
	14	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	15	See the License for the specific language governing permissions and
	16	limitations under the License.
	17	-->
	18	<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.0"
	19	xmlns:c="http://java.sun.com/jsp/jstl/core">
	20	<jsp:directive.tag body-content="empty" dynamic-attributes="attMap" />
	21	<c:forEach var="e" items="${attMap}">
	22	<jsp:text>[${e.key}]: [${e.value}]</jsp:text>
	23	</c:forEach>
	24	</jsp:root>

Line 0 Link Here

(-)test/webapp/bug5nnnn/bug56265.jsp (+30 lines)
	1	<%--
	2	Licensed to the Apache Software Foundation (ASF) under one or more
	3	contributor license agreements. See the NOTICE file distributed with
	4	this work for additional information regarding copyright ownership.
	5	The ASF licenses this file to You under the Apache License, Version 2.0
	6	(the "License"); you may not use this file except in compliance with
	7	the License. You may obtain a copy of the License at
	8
	9	http://www.apache.org/licenses/LICENSE-2.0
	10
	11	Unless required by applicable law or agreed to in writing, software
	12	distributed under the License is distributed on an "AS IS" BASIS,
	13	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	14	See the License for the specific language governing permissions and
	15	limitations under the License.
	16	--%>
	17	<%@ taglib prefix="tags" tagdir="/WEB-INF/tags" %>
	18	<%
	19	request.setAttribute("text", "World <&>");
	20	request.setAttribute("textQuote", "'World <&>'");
	21	%>
	22	<html>
	23	<head><title>Bug 56265 test case</title></head>
	24	<body>
	25	<p>[1: <tags:bug56265 data-test="window.alert('Hello World <&>!')"/>]</p>
	26	<p>[2: <tags:bug56265 data-test="window.alert('Hello ${text}!')"/>]</p>
	27	<p>[3: <tags:bug56265 data-test="window.alert('Hello 'World <&>'!')"/>]</p>
	28	<p>[4: <tags:bug56265 data-test="window.alert('Hello ${textQuote}!')"/>]</p>
	29	</body>
	30	</html>