Bug 36923 - Deactivated EL expressions are not parsed for jsp expressions/scriptlets/etc
Deactivated EL expressions are not parsed for jsp expressions/scriptlets/etc
Status: RESOLVED FIXED
Product: Tomcat 5
Classification: Unclassified
Component: Jasper
5.5.9
All All
: P3 normal with 1 vote (vote)
: ---
Assigned To: Tomcat Developers Mailing List
:
Depends on:
Blocks:
  Show dependency tree
 
Reported: 2005-10-05 01:08 UTC by Yegor Borovikov
Modified: 2009-06-24 13:13 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Yegor Borovikov 2005-10-05 01:08:53 UTC
JavaServer Pages Specification 2.0, section JSP.3.3.2 says:
---
Since the syntactic pattern ${expr} was not reserved in the JSP specifications
before JSP 2.0, there may be situations where such a pattern appears but the
intention is not to activate EL expression evaluation but rather to pass through
the pattern verbatim. To address this, the EL evaluation machinery can be
deactivated as indicated in this section.
[...]
The default mode for JSP pages in a Web Application delivered using a web.xml
using the Servlet 2.3 or earlier format is to ignore EL expressions; this
provides for backward compatibility.
---

However, even with deactivated EL expression evaluation, jsp code like:
<%@ page isELIgnored="true" %>${<%= "Hello, world!" %>}

will produce output like:
${<%= "Hello, world!" %>}

which is of course not backwards-compatible with Servlet 2.3 / JSP 1.2 container
(e.g., Tomcat 4.x), where the output would be:
${Hello, world!}

The ${...} syntax is widely used, and any pre-2.0 jsp pages having it would be
incompatible with Tomcat 5.x even though the standard tries to ensure the
compatibility.
Comment 1 Mark Thomas 2009-01-01 11:09:09 UTC
This bug has been fixed in trunk and proposed for 6.0.x

Fixing it in Tomcat 5 will require the back-porting of the isELIgnored work form Tomcat 6. I've started on that and will proposed a combined patch once I have completed my testing.
Comment 2 Mark Thomas 2009-01-01 12:38:11 UTC
I have proposed a port of the fix (with the parsing changes) to 5.5.x
Comment 3 Mark Thomas 2009-01-31 00:59:34 UTC
The fix has been applied to 6.0.x and will be included in 6.0.19 onwards.
Comment 4 Mark Thomas 2009-06-24 13:13:37 UTC
This has been fixed in 5.5.x and will be included in 5.5.28 onwards.