Aaron Freeman wrote: > Ok, thanks, we will hold off on pushing forward on upgrading until we > get some idea as to whether this is an issue or not. > I checked with the spec and the reference implementation: you're not supposed to escape content inside a jsp:param. The container is responsible for any encoding.
However, Resin does have a bug in its own encoding for 4.0.5 (fixed for 4.0.6.) So you'll need to wait until at least 4.0.6 for the fix. (4.0.6 is expected next week. It's a short ipv6 release.) -- Scott > Aaron > > > On 3/31/2010 2:53 PM, Scott Ferguson wrote: > >> Aaron Freeman wrote: >> >> >>> We are experiencing a fundamental change in how data is being passed as >>> a jsp:param between 3.0.22 and 4.0.5. We need to know if this change is >>> intentional as it has a work-heavy impact on converting our code base >>> over which currently relies on the behavior of 3.0.x. >>> >>> It appears that a call to jsp:include was automatically URL decoding any >>> strings that were passed in, and that that behavior has changed. >>> >>> I have included source to two files that will demonstrate the behavior >>> change (in case it's not intentional). And here are the results of >>> running it: >>> >>> >>> >> I've added a bug report for this at http://bugs.caucho.com/view.php?id=3976. >> >> I'll need to check, but there's a good chance this change was made to >> conform to either the JSP or JSTL spec/TCK. >> >> -- Scott >> >> >>> ---- on resin-pro-3.0.22 ---- >>> >>> URL encoded before pass to jsp:include: >>> Test%3A+1+%3C+2+and+width%3D%22100%25%22+and+ampersand%3D%26. >>> >>> Test: 1< 2 and width="100ïand ampersand= >>> Here it is as seen inside of test-process.jsp: >>> Test: 1< 2 and width="100%" and ampersand=&. >>> >>> >>> ---- on resin-pro-4.0.5 ---- >>> >>> URL encoded before pass to jsp:include: >>> Test%3A+1+%3C+2+and+width%3D%22100%25%22+and+ampersand%3D%26. >>> >>> Test: 1< 2 and width="100ïand ampersand= >>> Here it is as seen inside of test-process.jsp: >>> Test:+1+<+2+and+width="100%"+and+ampersand=&. >>> >>> >>> >>> <%----- BEGIN test.jsp -----%> >>> <%@ taglib uri="http://java.sun.com/jsp/jstl/core"; prefix="c" %> >>> <%@ taglib uri="http://www.sendthisfile.com/taglib/httputil"; >>> prefix="httputil" %> >>> >>> <c:if test="${!empty param.textarea}"> >>> textarea param exists:<br/> >>> ${param.textarea}<br/><br/> >>> >>> <c:set var="textareaUrlEncodedBefore" >>> value="${httputil:urlEncode(param.textarea)}"/> >>> URL encoded before pass to jsp:include:<br/> >>> ${textareaUrlEncodedBefore}<br/><br/> >>> </c:if> >>> >>> <%-- Set some requestscope variable in test.jsp --%> >>> <jsp:include page="/test-process.jsp"> >>> <jsp:param name="textarea" value="${param.textarea}"/> >>> <jsp:param name="textareaUrlEncoded" value="${textareaUrlEncodedBefore}"/> >>> </jsp:include> >>> >>> <form action="/test.jsp"> >>> >>> <textarea name="textarea">${requestScope.processedTextarea}</textarea> >>> >>> <input type="submit"></input> >>> >>> </form> >>> >>> <c:if test="${!empty requestScope.urlEncoded}"> >>> Here it is as seen inside of test-process.jsp:<br/> >>> ${requestScope.urlEncoded} >>> </c:if> >>> <%----- END test.jsp -----%> >>> >>> >>> <%----- BEGIN test-process.jsp -----%> >>> <%@ taglib uri="http://java.sun.com/jsp/jstl/core"; prefix="c" %> >>> >>> <c:choose> >>> >>> <c:when test="${empty param.textarea}"> >>> <c:set var="processedTextarea" scope="request">Test: 1< 2 and >>> width="100%" and ampersand=&.</c:set> >>> </c:when> >>> >>> <c:otherwise> >>> <c:set var="processedTextarea" scope="request">${param.textarea}</c:set> >>> </c:otherwise> >>> >>> </c:choose> >>> >>> <c:set var="urlEncoded" scope="request">${param.textareaUrlEncoded}</c:set> >>> <%----- END test-process.jsp -----%> >>> >>> >>> Thanks for your thoughts on this, >>> >>> Aaron >>> >>> > > > > _______________________________________________ > resin-interest mailing list > [email protected] > http://maillist.caucho.com/mailman/listinfo/resin-interest > > _______________________________________________ resin-interest mailing list [email protected] http://maillist.caucho.com/mailman/listinfo/resin-interest
