Author: markt
Date: Tue Oct 7 12:10:51 2008
New Revision: 702587
URL: http://svn.apache.org/viewvc?rev=702587&view=rev
Log:
EG confirmed that attribute values should be fully escaped, including any EL.
Note this does not fix bug 45451.
Modified:
tomcat/trunk/java/org/apache/jasper/compiler/Parser.java
Modified: tomcat/trunk/java/org/apache/jasper/compiler/Parser.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/compiler/Parser.java?rev=702587&r1=702586&r2=702587&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/jasper/compiler/Parser.java (original)
+++ tomcat/trunk/java/org/apache/jasper/compiler/Parser.java Tue Oct 7
12:10:51 2008
@@ -265,7 +265,6 @@
private String parseQuoted(Mark start, String tx, char quote)
throws JasperException {
StringBuffer buf = new StringBuffer();
- boolean possibleEL = tx.contains("${");
int size = tx.length();
int i = 0;
while (i < size) {
@@ -287,20 +286,10 @@
}
} else if (ch == '\\' && i + 1 < size) {
ch = tx.charAt(i + 1);
- if (ch == '\\' || ch == '\"' || ch == '\'') {
- if (pageInfo.isELIgnored() || !possibleEL) {
- // EL is not enabled or no chance of EL
- // Unescape these now
- buf.append(ch);
- i += 2;
- } else {
- // EL is enabled and ${ appears in value
- // EL processing will escape these
- buf.append('\\');
- buf.append(ch);
- i += 2;
- }
- } else if (ch == '>') {
+ if (ch == '\\' || ch == '\"' || ch == '\'' || (ch == '>')) {
+ // \ " and ' are always unescaped regardless of if they are
+ // or outside of an EL expression. JSP.1.6 takes precedence
+ // over JSP.1.3.10 (confirmed with EG)
buf.append(ch);
i += 2;
} else {
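Review bot: The comment added above `buf.append(ch)` in the merged branch is missing a word and omits one of the characters the condition covers. It reads "regardless of if they are or outside of an EL expression" and names only `\`, `"` and `'`, while the same branch now also unescapes `\>`. Suggested wording is `// \ " ' and > are always unescaped, whether they appear inside or outside an EL expression.`, keeping the JSP.1.6 / JSP.1.3.10 sentence as it is; the extra parentheses around `(ch == '>')` can also go. Because values containing `${` no longer keep their backslashes at this stage, a regression test with an escaped quote inside an EL string literal in an attribute value would pin the intended result, which matters where attribute text ends up in generated output. parseQuoted begins and ends outside this hunk, so how the buffer is used afterwards cannot be checked from here.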