Author: markt
Date: Thu Nov 5 13:36:12 2015
New Revision: 1712765
URL: http://svn.apache.org/viewvc?rev=1712765&view=rev
Log:
Convert the STRICT_QUOTE_ESCAPING system property setting into a per web
application setting.
Modified:
tomcat/trunk/conf/web.xml
tomcat/trunk/java/org/apache/jasper/EmbeddedServletOptions.java
tomcat/trunk/java/org/apache/jasper/JspC.java
tomcat/trunk/java/org/apache/jasper/Options.java
tomcat/trunk/java/org/apache/jasper/compiler/AttributeParser.java
tomcat/trunk/java/org/apache/jasper/compiler/Parser.java
tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties
tomcat/trunk/webapps/docs/jasper-howto.xml
Modified: tomcat/trunk/conf/web.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/conf/web.xml?rev=1712765&r1=1712764&r2=1712765&view=diff
==============================================================================
--- tomcat/trunk/conf/web.xml (original)
+++ tomcat/trunk/conf/web.xml Thu Nov 5 13:36:12 2015
@@ -241,6 +241,14 @@
<!-- -->
<!-- xpoweredBy Determines whether X-Powered-By response -->
<!-- header is added by generated servlet. [false] -->
+ <!-- -->
+ <!-- strictQuoteEscaping When scriptlet expressions are used for -->
+ <!-- attribute values, should the rules in JSP.1.6 -->
+ <!-- for the escaping of quote characters be -->
+ <!-- strictly applied? [true] -->
+ <!-- The default can be changed with the -->
+ <!-- org.apache.jasper.compiler.Parser. -->
+ <!-- STRICT_QUOTE_ESCAPING system property. -->
<servlet>
<servlet-name>jsp</servlet-name>
Modified: tomcat/trunk/java/org/apache/jasper/EmbeddedServletOptions.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/EmbeddedServletOptions.java?rev=1712765&r1=1712764&r2=1712765&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/jasper/EmbeddedServletOptions.java (original)
+++ tomcat/trunk/java/org/apache/jasper/EmbeddedServletOptions.java Thu Nov 5
13:36:12 2015
@@ -199,6 +199,20 @@ public final class EmbeddedServletOption
*/
private int jspIdleTimeout = -1;
+ /**
+ * System property that controls if the strict quoting rules are applied
+ * when parsing attribute values that use scriptlet expressions (<%=...%>).
+ */
+ private static final boolean STRICT_QUOTE_ESCAPING_DEFAULT=
Boolean.parseBoolean(
+ System.getProperty(
+ "org.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING",
+ "true"));
+ /**
+ * Should JSP.1.6 be applied strictly to attributes defined using scriptlet
+ * expressions?
+ */
+ private boolean strictQuoteEscaping = STRICT_QUOTE_ESCAPING_DEFAULT;
+
public String getProperty(String name ) {
return settings.getProperty( name );
}
@@ -442,6 +456,11 @@ public final class EmbeddedServletOption
return jspIdleTimeout;
}
+ @Override
+ public boolean getStrictQuoteEscaping() {
+ return strictQuoteEscaping;
+ }
+
/**
* Create an EmbeddedServletOptions object using data available from
* ServletConfig and ServletContext.
@@ -741,6 +760,21 @@ public final class EmbeddedServletOption
}
}
+ String strictQuoteEscaping =
config.getInitParameter("strictQuoteEscaping");
+ if (strictQuoteEscaping != null) {
+ if (strictQuoteEscaping.equalsIgnoreCase("true")) {
+ this.strictQuoteEscaping = true;
+ } else if (strictQuoteEscaping.equalsIgnoreCase("false")) {
+ this.strictQuoteEscaping = false;
+ } else {
+ if (log.isWarnEnabled()) {
+
log.warn(Localizer.getMessage("jsp.warning.strictQuoteEscaping",
+ Boolean.toString(STRICT_QUOTE_ESCAPING_DEFAULT)));
+ }
+ }
+ }
+
+
// Setup the global Tag Libraries location cache for this
// web-application.
tldCache = TldCache.getInstance(context);
Modified: tomcat/trunk/java/org/apache/jasper/JspC.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/JspC.java?rev=1712765&r1=1712764&r2=1712765&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/jasper/JspC.java (original)
+++ tomcat/trunk/java/org/apache/jasper/JspC.java Thu Nov 5 13:36:12 2015
@@ -107,6 +107,15 @@ public class JspC extends Task implement
// Logger
private static final Log log = LogFactory.getLog(JspC.class);
+ /**
+ * System property that controls if the strict quoting rules are applied
+ * when parsing attribute values that use scriptlet expressions (<%=...%>).
+ */
+ private static final boolean STRICT_QUOTE_ESCAPING_DEFAULT=
Boolean.parseBoolean(
+ System.getProperty(
+ "org.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING",
+ "true"));
+
protected static final String SWITCH_VERBOSE = "-v";
protected static final String SWITCH_HELP = "-help";
protected static final String SWITCH_OUTPUT_DIR = "-d";
@@ -137,6 +146,8 @@ public class JspC extends Task implement
protected static final String SWITCH_VALIDATE_XML = "-validateXml";
protected static final String SWITCH_BLOCK_EXTERNAL = "-blockExternal";
protected static final String SWITCH_NO_BLOCK_EXTERNAL =
"-no-blockExternal";
+ protected static final String SWITCH_STRICT_QUOTE_ESCAPING =
"-strictQuoteEscaping";
+ protected static final String SWITCH_NO_STRICT_QUOTE_ESCAPING =
"-no-strictQuoteEscaping";
protected static final String SHOW_SUCCESS ="-s";
protected static final String LIST_ERRORS = "-l";
protected static final int INC_WEBXML = 10;
@@ -170,6 +181,7 @@ public class JspC extends Task implement
protected boolean validateTld;
protected boolean validateXml;
protected boolean blockExternal = true;
+ protected boolean strictQuoteEscaping = STRICT_QUOTE_ESCAPING_DEFAULT;
protected boolean xpoweredBy;
protected boolean mappedFile = false;
protected boolean poolingEnabled = true;
@@ -893,6 +905,15 @@ public class JspC extends Task implement
return blockExternal;
}
+ public void setStrictQuoteEscaping( boolean b ) {
+ this.strictQuoteEscaping = b;
+ }
+
+ @Override
+ public boolean getStrictQuoteEscaping() {
+ return strictQuoteEscaping;
+ }
+
public void setListErrors( boolean b ) {
listErrors = b;
}
Modified: tomcat/trunk/java/org/apache/jasper/Options.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/Options.java?rev=1712765&r1=1712764&r2=1712765&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/jasper/Options.java (original)
+++ tomcat/trunk/java/org/apache/jasper/Options.java Thu Nov 5 13:36:12 2015
@@ -231,4 +231,10 @@ public interface Options {
* If unset or less or equal than 0, no jsps are unloaded.
*/
public int getJspIdleTimeout();
+
+ /**
+ * @return {@code true} if the quote escaping required by section JSP.1.6
of
+ * the JSP specification should be applied to scriplet expression.
+ */
+ public boolean getStrictQuoteEscaping();
}
Modified: tomcat/trunk/java/org/apache/jasper/compiler/AttributeParser.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/compiler/AttributeParser.java?rev=1712765&r1=1712764&r2=1712765&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/jasper/compiler/AttributeParser.java (original)
+++ tomcat/trunk/java/org/apache/jasper/compiler/AttributeParser.java Thu Nov
5 13:36:12 2015
@@ -28,12 +28,6 @@ package org.apache.jasper.compiler;
*/
public class AttributeParser {
- /* System property that controls if the strict quoting rules are applied.
*/
- private static final boolean STRICT_QUOTE_ESCAPING = Boolean.parseBoolean(
- System.getProperty(
- "org.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING",
- "true"));
-
/**
* Parses the provided input String as a JSP attribute and returns an
* unquoted value.
@@ -45,34 +39,13 @@ public class AttributeParser {
* where the JSP attribute is defined.
* @param isDeferredSyntaxAllowedAsLiteral
* Are deferred expressions treated as literals?
+ * @param strict Should the rules of JSP.1.6 for escpaing quotes be
+ * strictly applied?
* @return An unquoted JSP attribute that, if it contains
* expression language can be safely passed to the EL
* processor without fear of ambiguity.
*/
public static String getUnquoted(String input, char quote,
- boolean isELIgnored, boolean isDeferredSyntaxAllowedAsLiteral) {
- return (new AttributeParser(input, quote, isELIgnored,
- isDeferredSyntaxAllowedAsLiteral,
- STRICT_QUOTE_ESCAPING)).getUnquoted();
- }
-
- /**
- * Provided solely for unit test purposes and allows per call overriding of
- * the STRICT_QUOTE_ESCAPING system property.
- *
- * @param input The input.
- * @param quote The quote character for the attribute or 0 for
- * scripting expressions.
- * @param isELIgnored Is expression language being ignored on the page
- * where the JSP attribute is defined.
- * @param isDeferredSyntaxAllowedAsLiteral
- * Are deferred expressions treated as literals?
- * @param strict The value to use for STRICT_QUOTE_ESCAPING.
- * @return An unquoted JSP attribute that, if it contains
- * expression language can be safely passed to the EL
- * processor without fear of ambiguity.
- */
- protected static String getUnquoted(String input, char quote,
boolean isELIgnored, boolean isDeferredSyntaxAllowedAsLiteral,
boolean strict) {
return (new AttributeParser(input, quote, isELIgnored,
@@ -92,7 +65,9 @@ public class AttributeParser {
/* Are deferred expression treated as literals */
private final boolean isDeferredSyntaxAllowedAsLiteral;
- /* Overrides the STRICT_QUOTE_ESCAPING. Used for Unit tests only. */
+ /* If a quote appears that matches quote, must it always be escaped? See
+ * JSP.1.6.
+ */
private final boolean strict;
/* The type ($ or #) of expression. Literals have a type of null. */
Modified: tomcat/trunk/java/org/apache/jasper/compiler/Parser.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/compiler/Parser.java?rev=1712765&r1=1712764&r2=1712765&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/jasper/compiler/Parser.java (original)
+++ tomcat/trunk/java/org/apache/jasper/compiler/Parser.java Thu Nov 5
13:36:12 2015
@@ -281,7 +281,8 @@ class Parser implements TagConstants {
ret = AttributeParser.getUnquoted(reader.getText(start, stop),
quote, isElIgnored,
- pageInfo.isDeferredSyntaxAllowedAsLiteral());
+ pageInfo.isDeferredSyntaxAllowedAsLiteral(),
+ ctxt.getOptions().getStrictQuoteEscaping());
} catch (IllegalArgumentException iae) {
err.jspError(start, iae.getMessage());
}
Modified: tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties?rev=1712765&r1=1712764&r2=1712765&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties
(original)
+++ tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties Thu
Nov 5 13:36:12 2015
@@ -123,6 +123,7 @@ jsp.warning.suppressSmap=Warning: Invali
jsp.warning.displaySourceFragment=Warning: Invalid value for the initParam
displaySourceFragment. Will use the default value of \"true\"
jsp.warning.maxLoadedJsps=Warning: Invalid value for the initParam
maxLoadedJsps. Will use the default value of \"-1\"
jsp.warning.jspIdleTimeout=Warning: Invalid value for the initParam
jspIdleTimeout. Will use the default value of \"-1\"
+jsp.warning.strictQuoteEscaping=Warning: Invalid value for the initParam
strictQuoteEscaping. Will use the default value of \"{0}\"
jsp.warning.unknown.element.in.taglib=Unknown element ({0}) in taglib
jsp.warning.unknown.element.in.tag=Unknown element ({0}) in tag
jsp.warning.unknown.element.in.tagfile=Unknown element ({0}) in tag-file
Modified: tomcat/trunk/webapps/docs/jasper-howto.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/jasper-howto.xml?rev=1712765&r1=1712764&r2=1712765&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/jasper-howto.xml (original)
+++ tomcat/trunk/webapps/docs/jasper-howto.xml Thu Nov 5 13:36:12 2015
@@ -197,8 +197,14 @@ actions or directives be trimmed ?, defa
<li><strong>xpoweredBy</strong> - Determines whether X-Powered-By response
header is added by generated servlet. <code>true</code> or <code>false</code>,
default <code>false</code>.</li>
-</ul>
+<li><strong>strictQuoteEscaping</strong> - When scriptlet expressions are used
+for attribute values, should the rules in JSP.1.6 for the escaping of quote
+characters be strictly applied? <code>true</code> or <code>false</code>,
default
+<code>true</code> which can be changed with the
+<code>org.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING</code> system
+property.</li>
+</ul>
<p>The Java compiler from Eclipse JDT in included as the default compiler. It
is
an advanced Java compiler which will load all dependencies from the Tomcat
class
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
