Bug 44392 - HTML entities not resolved in SSI filter
Alias: None
Product: Tomcat 6
Classification: Unclassified
Component: Catalina
Version: 6.0.14
Hardware: Other other
Importance: P2 normal
Target Milestone: default
Assignee: Tomcat Developers Mailing List
Depends on:
Reported: 2008-02-11 05:37 UTC by Konrad Windszus
Modified: 2014-02-17 13:48 UTC
Description Konrad Windszus 2008-02-11 05:37:37 UTC
HTML entities which are contained in an SSI set directive aren't resolved by the
SSI filter (contrary to what is done by mod_include of Apache's HTTP).

mod_include resolves all HTML entities in most of the attribute values of SSI
directives. It also resolves \" to " and \$ to $.

The SSI filter of Tomcat resolves all escaped characters which are escaped with a
backslash, but no HTML entities at all.

Apart from that, giving encoding="entity" should be different from giving
encoding="none" to the SSI echo directive. One should replace all invalid HTML
characters by valid HTML entities and the other one should do nothing.

The encoding is especially important if you want to store an HTML comment within
an SSI variable.

If I want to store a variable test with the value "<!-- testvalue "x" -->"

<!--#set var="test" value="<!-- testvalue "x" -->"-->

for mod_include you must write:

<!--#set var="test" value="<!&#45;&#45; testvalue \"x\" &#45;&#45;>" -->

for Tomcat's SSI you must write:

<!--#set var="test" value="<!\-\- testvalue \"x\" \-\->" -->

And there should be a difference whether I output this variable with
<!--#echo var="test" encoding="none" -->  
which should lead to <!-- testvalue "x" -->, or
<!--#echo var="test" encoding="entity" -->
which should lead to &lt;!-- testvalue &quot;x&quot; --&gt;
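
Added example (not part of the original report, and not Tomcat's or mod_include's code): a simplified Python model of the two attribute-decoding behaviours and the two echo encodings described in the report above. All function names are hypothetical, and the decoding order (backslash escapes first, then entities) is an assumption of this sketch.

```python
import html
import re

# The three strings below are copied from the report above.
WANTED = '<!-- testvalue "x" -->'
ENTITY_FORM = r'<!&#45;&#45; testvalue \"x\" &#45;&#45;>'   # form written for mod_include
BACKSLASH_FORM = r'<!\-\- testvalue \"x\" \-\->'            # form written for Tomcat SSI


def decode_attr(raw, resolve_entities, escapable=None):
    """Decode a directive attribute value (simplified model).

    escapable: characters a backslash may escape; None means any character.
    resolve_entities: whether HTML entities are resolved after unescaping.
    """
    def unescape(match):
        ch = match.group(1)
        if escapable is None or ch in escapable:
            return ch
        return match.group(0)  # leave unknown escapes untouched

    value = re.sub(r"\\(.)", unescape, raw, flags=re.S)
    return html.unescape(value) if resolve_entities else value


def tomcat_before_fix(raw):
    # As reported: every backslash escape is resolved, no entities are.
    return decode_attr(raw, resolve_entities=False)


def mod_include_style(raw):
    # As reported: \" and \$ are resolved, and so are HTML entities.
    return decode_attr(raw, resolve_entities=True, escapable='"$')


def echo(value, encoding):
    """Model of <!--#echo var=... encoding=... --> for the two encodings discussed."""
    if encoding == "none":
        return value                          # emitted as live markup
    if encoding == "entity":
        return html.escape(value, quote=True)  # markup-significant chars become entities
    raise ValueError("encoding not modelled in this sketch: " + encoding)


if __name__ == "__main__":
    print(mod_include_style(ENTITY_FORM))
    print(tomcat_before_fix(BACKSLASH_FORM))
    print(tomcat_before_fix(ENTITY_FORM))   # entities survive: the reported bug
    print(echo(WANTED, "none"))
    print(echo(WANTED, "entity"))
```

With encoding="entity" the stored value reaches the browser as text rather than as a comment or tag, which is why the two encodings must not behave the same.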
Comment 1 Mark Thomas 2008-04-11 13:11:57 UTC
This has been fixed in trunk and proposed for 6.0.x.
Comment 2 Mark Thomas 2008-04-17 10:44:47 UTC
The patch has been applied to 6.0.x and will be in 6.0.17 onwards.