https://issues.apache.org/bugzilla/show_bug.cgi?id=55735
Bug ID: 55735
Summary: Additional quote entity in html element attribute
evaluated in tagx if attribute contains EL expression
Product: Tomcat 7
Version: 7.0.47
Hardware: All
OS: All
Status: NEW
Severity: critical
Priority: P2
Component: Jasper
Assignee: dev@tomcat.apache.org
Reporter: azuo....@sohu.com
Well, after fix for Bug 55198, if a tag file contains
<a href="#" onclick="window.alert("${text}")">foobar</a>
It can now be correctly rendered as (if text='foobar')
<a href="#" onclick="window.alert("foobar")">foobar</a>
But, It is rendered completely wrongly as ***** IF text='&foobar' *****
<a href="#" onclick="window.alert("&amp;foobar")">foobar</a>
The EL expression ${text} should be rendered without any escape, but now it is
escaped just as other literal part in the attribute.
Generally, a tagx file's compiler must not make any assumption that it's output
is a well-formed XML or not, it should just keep the literal atrribute or text
as is, and output any EL expression directly. It's the tagx file's author's
reponsibility to determine whether a text variable should be escaped, e.g.:
<a href="#" onclick="window.alert("${fn:escape(text)}")">foobar</a>
Suppose we have:
request.setAttribute("text", "2 > 1");
And in a tagx file:
<div title=""${text}"">"${text}"</div>
The correct output could be:
<div title=""2 > 1"">"2 > 1"</div>
But neither
<div title=""2 &gt; 1"">"2 > 1"</div>
nor
<div title=""2 > 1"">"2 > 1"</div>
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
