[ https://issues.apache.org/jira/browse/JEXL-455?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18056426#comment-18056426 ]

Vincent Bussol commented on JEXL-455:
-------------------------------------

The TemplateEngine#parseExpression escapes the whole expression.
{code:java}
final String src = escapeString(strb); {code}
It is also used in the nested/deferred case.

It might be possible to apply it only to strings, in the TemplateEngine#append method:
{code:java}
/**
 * Helper for expression dealing with embedded strings.
 *
 * @param strb the expression buffer to copy characters into
 * @param expr the source
 * @param position the offset into the source
 * @param c the separator character
 * @return the new position to read the source from
 */
private static int append(final StringBuilder strb, final CharSequence expr, final int position, final char c) {
    strb.append(c);
    if (c != '"' && c != '\'') {
        return position;
    }
    // read thru strings
    final StringBuilder tmp = new StringBuilder();
    final int end = expr.length();
    boolean escape = false;
    int index = position + 1;
    for (; index < end; ++index) {
        final char ec = expr.charAt(index);
        tmp.append(ec);
        if (ec == '\\') {
            escape = !escape;
        } else if (escape) {
            escape = false;
        } else if (ec == c) {
            break;
        }
    }
    strb.append(escapeString(tmp));
    return index;
} {code}

> tokenization error with multiline expressions
> ---------------------------------------------
>
>                 Key: JEXL-455
>                 URL: https://issues.apache.org/jira/browse/JEXL-455
>             Project: Commons JEXL
>          Issue Type: Bug
>    Affects Versions: 3.6.1
>            Reporter: Vincent Bussol
>            Priority: Major
>
> Since [JEXL-441|https://issues.apache.org/jira/browse/JEXL-441], the same 
> tokenization error occurs with multiline expressions. Our users have the 
> ability to create various types of templates (html, scripts). For example:
>  
> {code:java}
> <ul>
>   <li>Coffee</li>
>   <li>
>     <b>
>       ${relation('Market_Product')
>         .fetch(CONTINENT.current(), Product.current())
>         .field['LocalDescription']}
>     </b>
>   </li>
>   <li>Milk</li>
> </ul> {code}
> The template creation is in error:
> {code:java}
> tokenization error in '' {code}
> This was not the case before. I'm sure this wasn't expected behavior and can 
> be considered a bug exploit. However, existing (stored) templates (and 
> scripts) may be in error.
> Some tests:
> {code:java}
> @Test
> void testIssue441b() {
>     final JexlEngine jexl = new JexlBuilder().create();
>     final JexlContext context = new MapContext();
>     context.set("name", "Hello");
>     final String code = "return `${name\n+ name}`;";
>     final JexlScript script = jexl.createScript(code);
>     Object o = script.execute(context);
>     assertEquals("HelloHello", o);
> }
> @Test
> void testIssue441c() {
>     final JexlEngine jexl = new JexlBuilder().create();
>     final JexlContext context = new MapContext();
>     context.set("name", "Hello");
>     final JxltEngine jxlt = jexl.createJxltEngine();
>     final JxltEngine.Template template = jxlt.createTemplate("<b>\n\t${name\n\t+ name}\n</b>");
>     final StringWriter writer = new StringWriter();
>     template.evaluate(context, writer);
>     assertEquals("<b>\n\tHelloHello\n</b>", writer.toString());
> } {code}
>  
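As an added illustration of the suggestion in the comment above (stand-alone code written for this discussion, not JEXL's TemplateEngine): the scanner copies characters outside quotes as-is and escapes only the bodies of embedded string literals, so newlines that merely separate tokens survive. `escapeBody` is a hypothetical stand-in for JEXL's `escapeString`, and the input is constructed from the issue's template with one newline added inside a literal.

```java
// Added illustration (not JEXL's TemplateEngine); escapeBody stands in for escapeString.
public final class EscapeLiteralsOnly {
    /** Stand-in for escapeString: encode control characters of a literal body. */
    static String escapeBody(final CharSequence body) {
        final StringBuilder out = new StringBuilder(body.length());
        for (int i = 0; i < body.length(); i++) {
            final char ch = body.charAt(i);
            if (ch == '\n') { out.append("\\n"); }
            else if (ch == '\t') { out.append("\\t"); }
            else if (ch == '\r') { out.append("\\r"); }
            else { out.append(ch); }
        }
        return out.toString();
    }
    /** The proposal: copy characters outside quotes as-is, escape only inside them. */
    static String escapeLiterals(final String expr) {
        final StringBuilder out = new StringBuilder(expr.length());
        final int end = expr.length();
        for (int i = 0; i < end; i++) {
            final char c = expr.charAt(i);
            out.append(c);
            if (c != '"' && c != '\'') {
                continue; // a newline or tab here only separates tokens; keep it
            }
            // inside a literal: read through to the matching unescaped quote
            final StringBuilder tmp = new StringBuilder();
            boolean escape = false;
            for (i = i + 1; i < end; i++) {
                final char ec = expr.charAt(i);
                if (ec == '\\') { escape = !escape; }
                else if (escape) { escape = false; }
                else if (ec == c) { break; }
                tmp.append(ec);
            }
            out.append(escapeBody(tmp));
            if (i < end) { out.append(c); } // closing quote (absent if unterminated)
        }
        return out.toString();
    }
    public static void main(final String[] args) {
        // Constructed input modelled on the issue's template: newlines between the chained calls, plus one inside a literal.
        final String expr = "relation('Market_Product')\n"
            + "  .fetch(CONTINENT.current(), Product.current())\n"
            + "  .field['Local\nDescription']";
        System.out.println(escapeBody(expr));     // whole expression: every newline encoded, including structural ones
        System.out.println(escapeLiterals(expr)); // only the newline inside the literal is encoded
    }
}
```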



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
