subject:"Re\: \[Resin\-interest\] jsp\:param behavior change from 3.0.22 to 4.0.5"

Re: [Resin-interest] jsp:param behavior change from 3.0.22 to 4.0.5

2010-04-02 Thread Scott Ferguson

Aaron Freeman wrote:
> Ok, thanks, we will hold off on pushing forward on upgrading until we 
> get some idea as to whether this is an issue or not.
>   
I checked with the spec and the reference implementation: you're not 
supposed to escape content inside a jsp:param. The container is 
responsible for any encoding.

However, Resin does have a bug in its own encoding for 4.0.5 (fixed for 
4.0.6.) So you'll need to wait until at least 4.0.6 for the fix.

(4.0.6 is expected next week. It's a short ipv6 release.)

-- Scott
> Aaron
>
>
> On 3/31/2010 2:53 PM, Scott Ferguson wrote:
>   
>> Aaron Freeman wrote:
>>
>> 
>>> We are experiencing a fundamental change in how data is being passed as
>>> a jsp:param between 3.0.22 and 4.0.5.  We need to know if this change is
>>> intentional as it has a work-heavy impact on converting our code base
>>> over which currently relies on the behavior of 3.0.x.
>>>
>>> It appears that a call to jsp:include was automatically URL decoding any
>>> strings that were passed in, and that that behavior has changed.
>>>
>>> I have included source to two files that will demonstrate the behavior
>>> change (in case it's not intentional).  And here are the results of
>>> running it:
>>>
>>>  
>>>   
>> I've added a bug report for this at http://bugs.caucho.com/view.php?id=3976.
>>
>> I'll need to check, but there's a good chance this change was made to
>> conform to either the JSP or JSTL spec/TCK.
>>
>> -- Scott
>>
>> 
>>>  on resin-pro-3.0.22 
>>>
>>> URL encoded before pass to jsp:include:
>>> Test%3A+1+%3C+2+and+width%3D%22100%25%22+and+ampersand%3D%26.
>>>
>>> Test: 1<  2 and width="100ïand ampersand=
>>> Here it is as seen inside of test-process.jsp:
>>> Test: 1<  2 and width="100%" and ampersand=&.
>>>
>>>
>>>  on resin-pro-4.0.5 
>>>
>>> URL encoded before pass to jsp:include:
>>> Test%3A+1+%3C+2+and+width%3D%22100%25%22+and+ampersand%3D%26.
>>>
>>> Test: 1<  2 and width="100ïand ampersand=
>>> Here it is as seen inside of test-process.jsp:
>>> Test:+1+<+2+and+width="100%"+and+ampersand=&.
>>>
>>>
>>>
>>> <%- BEGIN test.jsp -%>
>>> <%@ taglib uri="http://java.sun.com/jsp/jstl/core"; prefix="c" %>
>>> <%@ taglib uri="http://www.sendthisfile.com/taglib/httputil";
>>> prefix="httputil" %>
>>>
>>> 
>>>   textarea param exists:
>>>   ${param.textarea}
>>>
>>> >> value="${httputil:urlEncode(param.textarea)}"/>
>>>   URL encoded before pass to jsp:include:
>>>   ${textareaUrlEncodedBefore}
>>> 
>>>
>>> <%-- Set some requestscope variable in test.jsp --%>
>>> 
>>> 
>>> 
>>> 
>>>
>>> 
>>>
>>> ${requestScope.processedTextarea}
>>>
>>> 
>>>
>>> 
>>>
>>> 
>>>   Here it is as seen inside of test-process.jsp:
>>>   ${requestScope.urlEncoded}
>>> 
>>> <%- END test.jsp -%>
>>>
>>>
>>> <%- BEGIN test-process.jsp -%>
>>> <%@ taglib uri="http://java.sun.com/jsp/jstl/core"; prefix="c" %>
>>>
>>> 
>>>
>>> 
>>> Test: 1<  2 and
>>> width="100%" and ampersand=&.
>>> 
>>>
>>> 
>>> ${param.textarea}
>>> 
>>>
>>> 
>>>
>>> ${param.textareaUrlEncoded}
>>> <%- END test-process.jsp -%>
>>>
>>>
>>> Thanks for your thoughts on this,
>>>
>>> Aaron
>>>  
>>>   
>
>
>
> ___
> resin-interest mailing list
> resin-interest@caucho.com
> http://maillist.caucho.com/mailman/listinfo/resin-interest
>
>   



___
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest

Re: [Resin-interest] jsp:param behavior change from 3.0.22 to 4.0.5

2010-03-31 Thread Aaron Freeman

Ok, thanks, we will hold off on pushing forward on upgrading until we 
get some idea as to whether this is an issue or not.

Aaron


On 3/31/2010 2:53 PM, Scott Ferguson wrote:
> Aaron Freeman wrote:
>
>> We are experiencing a fundamental change in how data is being passed as
>> a jsp:param between 3.0.22 and 4.0.5.  We need to know if this change is
>> intentional as it has a work-heavy impact on converting our code base
>> over which currently relies on the behavior of 3.0.x.
>>
>> It appears that a call to jsp:include was automatically URL decoding any
>> strings that were passed in, and that that behavior has changed.
>>
>> I have included source to two files that will demonstrate the behavior
>> change (in case it's not intentional).  And here are the results of
>> running it:
>>
>>  
> I've added a bug report for this at http://bugs.caucho.com/view.php?id=3976.
>
> I'll need to check, but there's a good chance this change was made to
> conform to either the JSP or JSTL spec/TCK.
>
> -- Scott
>
>>  on resin-pro-3.0.22 
>>
>> URL encoded before pass to jsp:include:
>> Test%3A+1+%3C+2+and+width%3D%22100%25%22+and+ampersand%3D%26.
>>
>> Test: 1<  2 and width="100ïand ampersand=
>> Here it is as seen inside of test-process.jsp:
>> Test: 1<  2 and width="100%" and ampersand=&.
>>
>>
>>  on resin-pro-4.0.5 
>>
>> URL encoded before pass to jsp:include:
>> Test%3A+1+%3C+2+and+width%3D%22100%25%22+and+ampersand%3D%26.
>>
>> Test: 1<  2 and width="100ïand ampersand=
>> Here it is as seen inside of test-process.jsp:
>> Test:+1+<+2+and+width="100%"+and+ampersand=&.
>>
>>
>>
>> <%- BEGIN test.jsp -%>
>> <%@ taglib uri="http://java.sun.com/jsp/jstl/core"; prefix="c" %>
>> <%@ taglib uri="http://www.sendthisfile.com/taglib/httputil";
>> prefix="httputil" %>
>>
>> 
>>   textarea param exists:
>>   ${param.textarea}
>>
>> > value="${httputil:urlEncode(param.textarea)}"/>
>>   URL encoded before pass to jsp:include:
>>   ${textareaUrlEncodedBefore}
>> 
>>
>> <%-- Set some requestscope variable in test.jsp --%>
>> 
>> 
>> 
>> 
>>
>> 
>>
>> ${requestScope.processedTextarea}
>>
>> 
>>
>> 
>>
>> 
>>   Here it is as seen inside of test-process.jsp:
>>   ${requestScope.urlEncoded}
>> 
>> <%- END test.jsp -%>
>>
>>
>> <%- BEGIN test-process.jsp -%>
>> <%@ taglib uri="http://java.sun.com/jsp/jstl/core"; prefix="c" %>
>>
>> 
>>
>> 
>> Test: 1<  2 and
>> width="100%" and ampersand=&.
>> 
>>
>> 
>> ${param.textarea}
>> 
>>
>> 
>>
>> ${param.textareaUrlEncoded}
>> <%- END test-process.jsp -%>
>>
>>
>> Thanks for your thoughts on this,
>>
>> Aaron
>>  



___
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest

Re: [Resin-interest] jsp:param behavior change from 3.0.22 to 4.0.5

2010-03-31 Thread Scott Ferguson

Aaron Freeman wrote:
> We are experiencing a fundamental change in how data is being passed as 
> a jsp:param between 3.0.22 and 4.0.5.  We need to know if this change is 
> intentional as it has a work-heavy impact on converting our code base 
> over which currently relies on the behavior of 3.0.x.
>
> It appears that a call to jsp:include was automatically URL decoding any 
> strings that were passed in, and that that behavior has changed.
>
> I have included source to two files that will demonstrate the behavior 
> change (in case it's not intentional).  And here are the results of 
> running it:
>   

I've added a bug report for this at http://bugs.caucho.com/view.php?id=3976.

I'll need to check, but there's a good chance this change was made to 
conform to either the JSP or JSTL spec/TCK.

-- Scott
>  on resin-pro-3.0.22 
>
> URL encoded before pass to jsp:include:
> Test%3A+1+%3C+2+and+width%3D%22100%25%22+and+ampersand%3D%26.
>
> Test: 1 < 2 and width="100ïand ampersand=
> Here it is as seen inside of test-process.jsp:
> Test: 1 < 2 and width="100%" and ampersand=&.
>
>
>  on resin-pro-4.0.5 
>
> URL encoded before pass to jsp:include:
> Test%3A+1+%3C+2+and+width%3D%22100%25%22+and+ampersand%3D%26.
>
> Test: 1 < 2 and width="100ïand ampersand=
> Here it is as seen inside of test-process.jsp:
> Test:+1+<+2+and+width="100%"+and+ampersand=&.
>
>
>
> <%- BEGIN test.jsp -%>
> <%@ taglib uri="http://java.sun.com/jsp/jstl/core"; prefix="c" %>
> <%@ taglib uri="http://www.sendthisfile.com/taglib/httputil"; 
> prefix="httputil" %>
>
> 
>  textarea param exists:
>  ${param.textarea}
>
>  value="${httputil:urlEncode(param.textarea)}"/>
>  URL encoded before pass to jsp:include:
>  ${textareaUrlEncodedBefore}
> 
>
> <%-- Set some requestscope variable in test.jsp --%>
> 
> 
> 
> 
>
> 
>
> ${requestScope.processedTextarea}
>
> 
>
> 
>
> 
>  Here it is as seen inside of test-process.jsp:
>  ${requestScope.urlEncoded}
> 
> <%- END test.jsp -%>
>
>
> <%- BEGIN test-process.jsp -%>
> <%@ taglib uri="http://java.sun.com/jsp/jstl/core"; prefix="c" %>
>
> 
>
> 
> Test: 1 < 2 and 
> width="100%" and ampersand=&.
> 
>
> 
> ${param.textarea}
> 
>
> 
>
> ${param.textareaUrlEncoded}
> <%- END test-process.jsp -%>
>
>
> Thanks for your thoughts on this,
>
> Aaron
>
>
> ___
> resin-interest mailing list
> resin-interest@caucho.com
> http://maillist.caucho.com/mailman/listinfo/resin-interest
>
>   



___
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest

Re: [Resin-interest] jsp:param behavior change from 3.0.22 to 4.0.5

2010-03-31 Thread Aaron Freeman

Oh, you will have to swap out the httputil with whatever you use to 
URLEncode strings in order to test it.


Thanks,

Aaron


On 3/31/2010 2:46 PM, Aaron Freeman wrote:

We are experiencing a fundamental change in how data is being passed as
a jsp:param between 3.0.22 and 4.0.5.  We need to know if this change is
intentional as it has a work-heavy impact on converting our code base
over which currently relies on the behavior of 3.0.x.

It appears that a call to jsp:include was automatically URL decoding any
strings that were passed in, and that that behavior has changed.

I have included source to two files that will demonstrate the behavior
change (in case it's not intentional).  And here are the results of
running it:

 on resin-pro-3.0.22 

URL encoded before pass to jsp:include:
Test%3A+1+%3C+2+and+width%3D%22100%25%22+and+ampersand%3D%26.

Test: 1<  2 and width="100ïand ampersand=
Here it is as seen inside of test-process.jsp:
Test: 1<  2 and width="100%" and ampersand=&.


 on resin-pro-4.0.5 

URL encoded before pass to jsp:include:
Test%3A+1+%3C+2+and+width%3D%22100%25%22+and+ampersand%3D%26.

Test: 1<  2 and width="100ïand ampersand=
Here it is as seen inside of test-process.jsp:
Test:+1+<+2+and+width="100%"+and+ampersand=&.



<%- BEGIN test.jsp -%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core"; prefix="c" %>
<%@ taglib uri="http://www.sendthisfile.com/taglib/httputil";
prefix="httputil" %>


  textarea param exists:
  ${param.textarea}


  URL encoded before pass to jsp:include:
  ${textareaUrlEncodedBefore}


<%-- Set some requestscope variable in test.jsp --%>







${requestScope.processedTextarea}






  Here it is as seen inside of test-process.jsp:
  ${requestScope.urlEncoded}

<%- END test.jsp -%>


<%- BEGIN test-process.jsp -%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core"; prefix="c" %>




Test: 1<  2 and
width="100%" and ampersand=&.



${param.textarea}




${param.textareaUrlEncoded}
<%- END test-process.jsp -%>


Thanks for your thoughts on this,

Aaron


___
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest
   




No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 9.0.791 / Virus Database: 271.1.1/2781 - Release Date: 03/31/10 
01:32:00

   


___
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest

Re: [Resin-interest] jsp:param behavior change from 3.0.22 to 4.0.5

Re: [Resin-interest] jsp:param behavior change from 3.0.22 to 4.0.5

Re: [Resin-interest] jsp:param behavior change from 3.0.22 to 4.0.5

Re: [Resin-interest] jsp:param behavior change from 3.0.22 to 4.0.5

4 matches

Site Navigation

Mail list logo

Footer information