Oh, you will have to swap out the httputil with whatever you use to
URLEncode strings in order to test it.
Thanks,
Aaron
On 3/31/2010 2:46 PM, Aaron Freeman wrote:
We are experiencing a fundamental change in how data is being passed as
a jsp:param between 3.0.22 and 4.0.5. We need to know if this change is
intentional as it has a work-heavy impact on converting our code base
over which currently relies on the behavior of 3.0.x.
It appears that a call to jsp:include was automatically URL decoding any
strings that were passed in, and that that behavior has changed.
I have included source to two files that will demonstrate the behavior
change (in case it's not intentional). And here are the results of
running it:
---- on resin-pro-3.0.22 ----
URL encoded before pass to jsp:include:
Test%3A+1+%3C+2+and+width%3D%22100%25%22+and+ampersand%3D%26.
Test: 1< 2 and width="100ïand ampersand=
Here it is as seen inside of test-process.jsp:
Test: 1< 2 and width="100%" and ampersand=&.
---- on resin-pro-4.0.5 ----
URL encoded before pass to jsp:include:
Test%3A+1+%3C+2+and+width%3D%22100%25%22+and+ampersand%3D%26.
Test: 1< 2 and width="100ïand ampersand=
Here it is as seen inside of test-process.jsp:
Test:+1+<+2+and+width="100%"+and+ampersand=&.
<%----- BEGIN test.jsp -----%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core"; prefix="c" %>
<%@ taglib uri="http://www.sendthisfile.com/taglib/httputil";
prefix="httputil" %>
<c:if test="${!empty param.textarea}">
textarea param exists:<br/>
${param.textarea}<br/><br/>
<c:set var="textareaUrlEncodedBefore"
value="${httputil:urlEncode(param.textarea)}"/>
URL encoded before pass to jsp:include:<br/>
${textareaUrlEncodedBefore}<br/><br/>
</c:if>
<%-- Set some requestscope variable in test.jsp --%>
<jsp:include page="/test-process.jsp">
<jsp:param name="textarea" value="${param.textarea}"/>
<jsp:param name="textareaUrlEncoded" value="${textareaUrlEncodedBefore}"/>
</jsp:include>
<form action="/test.jsp">
<textarea name="textarea">${requestScope.processedTextarea}</textarea>
<input type="submit"></input>
</form>
<c:if test="${!empty requestScope.urlEncoded}">
Here it is as seen inside of test-process.jsp:<br/>
${requestScope.urlEncoded}
</c:if>
<%----- END test.jsp -----%>
<%----- BEGIN test-process.jsp -----%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core"; prefix="c" %>
<c:choose>
<c:when test="${empty param.textarea}">
<c:set var="processedTextarea" scope="request">Test: 1< 2 and
width="100%" and ampersand=&.</c:set>
</c:when>
<c:otherwise>
<c:set var="processedTextarea" scope="request">${param.textarea}</c:set>
</c:otherwise>
</c:choose>
<c:set var="urlEncoded" scope="request">${param.textareaUrlEncoded}</c:set>
<%----- END test-process.jsp -----%>
Thanks for your thoughts on this,
Aaron
_______________________________________________
resin-interest mailing list
[email protected]
http://maillist.caucho.com/mailman/listinfo/resin-interest
No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 9.0.791 / Virus Database: 271.1.1/2781 - Release Date: 03/31/10
01:32:00
_______________________________________________
resin-interest mailing list
[email protected]
http://maillist.caucho.com/mailman/listinfo/resin-interest
