Bug 32287

Summary: Escape tag no longer escaping for Javascript
Product: Taglibs Reporter: Jason Pettiss <jpettiss>
Component: String TaglibAssignee: Tomcat Developers Mailing List <dev>
Status: RESOLVED FIXED    
Severity: normal    
Priority: P2    
Version: nightly   
Target Milestone: ---   
Hardware: PC   
OS: Windows XP   
Attachments: Suggested patch (Java to JavaScript in two places)

Description Jason Pettiss 2004-11-17 23:00:34 UTC 
The single quote is no longer being escaped, which of course breaks use of the
EscapeTag with Javascript.  Given that Javascript is more likely generated than
Java code, perhaps EscapeTag should instead call StringEscapeUtils.escapeJavaScript.

EscapeTag r1.4 called StringUtils.escape(text), which back then had the effect
of escaping for both java and javascript, where a single quote would get
escaped.  StringUtils.escape was deprecated and methods split out to escape for
java or javascript.

Note, the comment says it escapes to Java-compatible string, but then gives
escaping a single quote as an example, which is no longer done in the util
class.  Note that escaping for javascript also escapes for java (but the reverse
is not true).
Comment 1 Jason Pettiss 2004-11-17 23:01:55 UTC 
Created attachment 13488 [details]
Suggested patch (Java to JavaScript in two places)
Comment 2 Felipe Leme 2004-11-18 01:15:23 UTC 
Applied - thanks for the patch.