| Field | Value |
|---|---|
| Summary: | attribute values within a .tag(x) file are not properly escaped |
| Product: | Tomcat 6 |
| Component: | Jasper |
| Reporter: | Lucas Galfaso <lgalfaso> |
| Assignee: | Tomcat Developers Mailing List <dev> |
| Status: | RESOLVED FIXED |
| Severity: | normal |
| Priority: | P2 |
| Version: | 6.0.14 |
| Target Milestone: | default |
| Hardware: | Other |
| OS: | All |
| Attachments: | Proposed patch |

Description
Lucas Galfaso
2007-10-12 18:29:40 UTC
Created attachment 20973
Proposed patch

I think you meant " rather than & in your patch. I have committed a variation to trunk and proposed it for 6.0.x.

Hi Mark and sorry to bug you, but the committed patch is still not good, the test case is

<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" xmlns="http://www.w3.org/1999/xhtml" version="2.1">
<div test='"' thisIsPartOfTheAttributeValueAndNotANewAttribute=&apos:-)''>Hello world</div>
</jsp:root>

I think there is no way around inserting the xml escape code.

Thanks for the additional test case. I have applied a better patch based on your original proposal.

The fix has been committed and will be in 6.0.17 onwards.
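
The failure mode discussed in this report, as an added Python sketch (not Jasper's code and not the committed patch): an attribute value containing a double quote is written back between double quotes, first unescaped and then XML-escaped, and an XML parser shows what a consumer of each output sees. The sample value is constructed, modelled on the test case above, and the function names are illustrative.

```python
import xml.etree.ElementTree as ET

# Constructed value, modelled on the thread's test case: a double quote
# followed by text that looks like a second attribute.
VALUE = '" thisIsPartOfTheAttributeValueAndNotANewAttribute=":-)'

# Characters that must become references inside a double-quoted attribute.
# "&" has to be replaced first so the other references are not re-escaped.
# Tab, LF and CR are included because a parser normalizes literal ones
# to spaces, which would silently change the value.
ATTR_ESCAPES = [
    ("&", "&amp;"),
    ("<", "&lt;"),
    ('"', "&quot;"),
    ("\t", "&#9;"),
    ("\n", "&#10;"),
    ("\r", "&#13;"),
]


def emit_unescaped(name, value):
    """Write the value between double quotes as-is (the reported behaviour)."""
    return f'<div {name}="{value}">Hello world</div>'


def escape_attr(value):
    """XML-escape a value for use inside a double-quoted attribute."""
    for raw, ref in ATTR_ESCAPES:
        value = value.replace(raw, ref)
    return value


def emit_escaped(name, value):
    """Write the value between double quotes after escaping it."""
    return f'<div {name}="{escape_attr(value)}">Hello world</div>'


def parsed_attributes(markup):
    """Attributes a conforming XML parser sees on the emitted element."""
    return dict(ET.fromstring(markup).attrib)


if __name__ == "__main__":
    for emit in (emit_unescaped, emit_escaped):
        out = emit("test", VALUE)
        print(emit.__name__, out, parsed_attributes(out), sep="\n  ")
```

The unescaped output is still well-formed, so nothing fails at parse time: the element simply carries an empty `test` attribute plus a second attribute that the author never declared.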