Summary: | Additional quote entity in html element attribute evaluated in tagx if attribute contains EL expression | ||
---|---|---|---|
Product: | Tomcat 6 | Reporter: | azuo.lee |
Component: | Jasper | Assignee: | Tomcat Developers Mailing List <dev> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | P2 | ||
Version: | unspecified | ||
Target Milestone: | default | ||
Hardware: | All | ||
OS: | All |
Description
azuo.lee
2013-11-02 06:14:56 UTC
Um... it seems JSP spec doesn't clarify the behavior at all... But XSLT does. If we "borrow" rules from XSLT, then some correct examples could be (text="2 > 1"): tagx/jspx: <div title=""${text}"">ABCD</div> output: <div title=""2 &gt; 1"">ABCD</div> tagx/jspx: <div>"<c:out value="&nbsp;${text}"" escapeXml="false"></div> output: <div>" 2 > 1"</div> But XSLT doesn't allow expressions in template text, thus, what can be the correct result generated by the following example? tagx/jspx: <div>"${text}"</div> Should it be output: <div>"2 &gt; 1"</div> or output: <div>"2 > 1"</div> or output: <div>"2 > 1"</div> or output: <div>"2 &gt; 1"</div> ???????? Conclusion: 1. If you use jspx or tagx, then never use any EL expressions within attribute values, and always use JSTL <out> tag to output expression values within template content -- unless you know the expression value must not contain any XML reserved characters; 2. Do not use jspx or tagx at all, use jsp and tag files instead -- whose behaviors are relatively determined. Thanks for the report. This was a regression in the fix for bug55198. This has been fixed in trunk for 8.0.0-RC6 onwards. This has been fixed in 7.0.x for 7.0.48 onwards. I've updated the back-port proposal for 55198 to include the fix for this regression so there is no need to keep this bug open. |