https://issues.apache.org/bugzilla/show_bug.cgi?id=47050
Summary: StandardHostValve.status unnecessarily HTML-escapes
the error message
Product: Tomcat 6
Version: 6.0.18
Platform: All
OS/Version: All
Status: NEW
Keywords: ErrorMessage
Severity: normal
Priority: P2
Component: Catalina
AssignedTo: [email protected]
ReportedBy: [email protected]
I have written a JSP page that prints all request attributes verbatimly to the
output. When I access it as
http://localhost:8100/roland/404&
it outputs the following HTML code:
<body>
javax.servlet.error.message=/roland/404&amp;<br>
javax.servlet.error.request_uri=/roland/404&<br>
...
</body>
I was surprised that the error.message has been HTML-escaped, but the
error.request hasn't. What's the intention of this escaping? It feels like
Catalina is imitating PHP's magic-quotes here, which it shouldn't.
In my opinion, the error message should be copied to the request attribute
as-is and not being passed through RequestUtil.filter, so the programmer can
write it to log files or a text/plain error page without unfiltering it first.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
