Oh, you will have to swap out the httputil with whatever you use to URLEncode strings in order to test it.

Thanks,

Aaron


On 3/31/2010 2:46 PM, Aaron Freeman wrote:
We are experiencing a fundamental change in how data is being passed as
a jsp:param between 3.0.22 and 4.0.5.  We need to know if this change is
intentional as it has a work-heavy impact on converting our code base
over which currently relies on the behavior of 3.0.x.

It appears that a call to jsp:include was automatically URL decoding any
strings that were passed in, and that that behavior has changed.

I have included source to two files that will demonstrate the behavior
change (in case it's not intentional).  And here are the results of
running it:

---- on resin-pro-3.0.22 ----

URL encoded before pass to jsp:include:
Test%3A+1+%3C+2+and+width%3D%22100%25%22+and+ampersand%3D%26.

Test: 1<  2 and width="100ïand ampersand=
Here it is as seen inside of test-process.jsp:
Test: 1<  2 and width="100%" and ampersand=&.


---- on resin-pro-4.0.5 ----

URL encoded before pass to jsp:include:
Test%3A+1+%3C+2+and+width%3D%22100%25%22+and+ampersand%3D%26.

Test: 1<  2 and width="100ïand ampersand=
Here it is as seen inside of test-process.jsp:
Test:+1+<+2+and+width="100%"+and+ampersand=&.



<%----- BEGIN test.jsp -----%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core"; prefix="c" %>
<%@ taglib uri="http://www.sendthisfile.com/taglib/httputil";
prefix="httputil" %>

<c:if test="${!empty param.textarea}">
      textarea param exists:<br/>
      ${param.textarea}<br/><br/>

<c:set var="textareaUrlEncodedBefore"
value="${httputil:urlEncode(param.textarea)}"/>
      URL encoded before pass to jsp:include:<br/>
      ${textareaUrlEncodedBefore}<br/><br/>
</c:if>

<%-- Set some requestscope variable in test.jsp --%>
<jsp:include page="/test-process.jsp">
<jsp:param name="textarea" value="${param.textarea}"/>
<jsp:param name="textareaUrlEncoded" value="${textareaUrlEncodedBefore}"/>
</jsp:include>

<form action="/test.jsp">

<textarea name="textarea">${requestScope.processedTextarea}</textarea>

<input type="submit"></input>

</form>

<c:if test="${!empty requestScope.urlEncoded}">
      Here it is as seen inside of test-process.jsp:<br/>
      ${requestScope.urlEncoded}
</c:if>
<%----- END test.jsp -----%>


<%----- BEGIN test-process.jsp -----%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core"; prefix="c" %>

<c:choose>

<c:when test="${empty param.textarea}">
<c:set var="processedTextarea" scope="request">Test: 1<  2 and
width="100%" and ampersand=&.</c:set>
</c:when>

<c:otherwise>
<c:set var="processedTextarea" scope="request">${param.textarea}</c:set>
</c:otherwise>

</c:choose>

<c:set var="urlEncoded" scope="request">${param.textareaUrlEncoded}</c:set>
<%----- END test-process.jsp -----%>


Thanks for your thoughts on this,

Aaron


_______________________________________________
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest


No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 9.0.791 / Virus Database: 271.1.1/2781 - Release Date: 03/31/10 
01:32:00


_______________________________________________
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest

Reply via email to