kinman 2002/11/26 18:31:29 Modified: jasper2/src/share/org/apache/jasper/compiler Generator.java JspUtil.java jasper2/src/share/org/apache/jasper/runtime PageContextImpl.java Log: - Do XML escape on EL results if they are in template texts. Revision Changes Path 1.132 +6 -6 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/Generator.java Index: Generator.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/Generator.java,v retrieving revision 1.131 retrieving revision 1.132 diff -u -r1.131 -r1.132 --- Generator.java 26 Nov 2002 01:25:29 -0000 1.131 +++ Generator.java 27 Nov 2002 02:31:29 -0000 1.132 @@ -764,7 +764,7 @@ if (attr.isELInterpreterInput()) { v = JspUtil.interpreterCall(this.isTagFile, attr.getValue(), expectedType, defaultPrefix, - "_jspx_fnmap" ); + "_jspx_fnmap", false ); } if (encode) { return "java.net.URLEncoder.encode(\"\" + " + v + ")"; @@ -843,7 +843,7 @@ "out.write(" + JspUtil.interpreterCall(this.isTagFile, "${" + new String(n.getText()) + "}", String.class, - null, "_jspx_fnmap" ) + null, "_jspx_fnmap", true ) + ");"); } else { out.printil("out.write(" + 
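Review bot: The new trailing argument is a bare boolean literal at all three `JspUtil.interpreterCall` call sites (`false` at 764 and at 2436, `true` at 843), so a reader cannot tell from the call which output path is escaped. A short comment at each site would record the decision, for example `// template text goes straight to out.write(), so escape the EL result` at 843 and `// attribute value: handed on unescaped` at the two `false` sites. The comment at the `false` sites should also say that the value reaches its consumer unescaped, so any code that later writes it into markup has to encode it itself. The enclosing methods start and end outside these hunks.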
@@ -2436,7 +2436,7 @@ } else if (attrs[i].isELInterpreterInput()) { // run attrValue through the expression interpreter attrValue = JspUtil.interpreterCall(this.isTagFile, - attrValue, c[0], n.getPrefix(), "_jspx_fnmap" ); + attrValue, c[0], n.getPrefix(), "_jspx_fnmap", false ); } else { attrValue = convertString( c[0], attrValue, attrName, 1.22 +7 -4 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspUtil.java Index: JspUtil.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspUtil.java,v retrieving revision 1.21 retrieving revision 1.22 diff -u -r1.21 -r1.22 --- JspUtil.java 6 Nov 2002 20:14:19 -0000 1.21 +++ JspUtil.java 27 Nov 2002 02:31:29 -0000 1.22 @@ -470,13 +470,15 @@ * @param expectedType the expected type of the interpreted result * @param defaultPrefix Default prefix, or literal "null" * @param fnmapvar Variable pointing to a function map. + * @param XmlEscape True if the result should do XML escaping * @return a String representing a call to the EL interpreter. */ public static String interpreterCall(boolean isTagFile, String expression, Class expectedType, String defaultPrefix, - String fnmapvar ) + String fnmapvar, + boolean XmlEscape ) { /* * Determine which context object to use. @@ -545,6 +547,7 @@ + ", " + fnmapvar + ", " + ((defaultPrefix == null) ? "null" : Generator.quote( defaultPrefix )) + + ", " + XmlEscape + ")"); /* 1.36 +36 -6 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/runtime/PageContextImpl.java Index: PageContextImpl.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/runtime/PageContextImpl.java,v retrieving revision 1.35 retrieving revision 1.36 diff -u -r1.35 -r1.36 --- PageContextImpl.java 8 Nov 2002 19:11:26 -0000 1.35 +++ PageContextImpl.java 27 Nov 2002 02:31:29 -0000 1.36 
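Review bot: The new parameter is named `XmlEscape` in the signature at 470 and in its Javadoc tag, which breaks the lowerCamelCase convention followed by the other parameters (`isTagFile`, `defaultPrefix`, `fnmapvar`) and reads like a type or method name. `boolean xmlEscape` with `@param xmlEscape true if the result should be XML-escaped` would match the rest of the signature, and the use at 547 becomes `+ ", " + xmlEscape`. The same capitalised name is also used for the private method `XmlEscape(String)` added in PageContextImpl.java, so the two are easy to confuse when reading the generated call. The method body between the two JspUtil hunks is not shown.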
@@ -644,6 +644,28 @@ } } + private static String XmlEscape(String s) { + if (s == null) return null; + StringBuffer sb = new StringBuffer(); + for(int i = 0; i < s.length(); i++) { + char c = s.charAt(i); + if (c == '<') { + sb.append("<"); + } else if (c == '>') { + sb.append(">"); + } else if (c == '\'') { + sb.append("'"); // ' + } else if (c == '&') { + sb.append("&"); + } else if (c == '"') { + sb.append("""); // " + } else { + sb.append(c); + } + } + return sb.toString(); + } + /** * Proprietary method to evaluate EL expressions. * XXX - This method should go away once the EL interpreter moves @@ -659,15 +681,18 @@ */ public static Object proprietaryEvaluate( final String expression, final Class expectedType, final PageContext pageContext, - final ProtectedFunctionMapper functionMap, final String defaultPrefix ) + final ProtectedFunctionMapper functionMap, final String defaultPrefix, + final boolean escape ) throws ELException { final java.util.HashMap funcMap = (functionMap == null)? null: functionMap.getFnMap(); + Object retValue; if (System.getSecurityManager() != null){ try { - return AccessController.doPrivileged(new PrivilegedExceptionAction(){ + retValue = AccessController.doPrivileged( + new PrivilegedExceptionAction(){ public Object run() throws Exception{ return PageContextImpl.proprietaryEvaluator.evaluate( "<unknown>", @@ -681,13 +706,18 @@ } } else { try{ - return PageContextImpl.proprietaryEvaluator.evaluate( "<unknown>", + retValue = PageContextImpl.proprietaryEvaluator.evaluate( + "<unknown>", expression, expectedType, null, pageContext, funcMap, defaultPrefix ); } catch(JspException e){ throw new ELException( e ); } } + if (escape) { + retValue = XmlEscape(retValue.toString()); + } + return retValue; } private JspWriterImpl _createOut(int bufferSize, boolean autoFlush)
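Review bot: `XmlEscape` is added at 644 with no comment saying which characters it replaces or which output contexts that covers. It handles `<`, `>`, `'`, `&` and `"`, which suits element content and quoted attribute values but not EL results that land inside a script block, a style block or a URL. A Javadoc block stating this would keep later callers from treating it as general-purpose output encoding. As rendered on this page the appended strings are the bare characters themselves (and `"""` would not compile), which looks like an archive display artifact. Presumably the committed code appends the entity or character references hinted at by the trailing `// '` and `// "` comments; that is worth confirming against the repository.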
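Review bot: The Javadoc that closes at the top of the 659 hunk gets no `@param escape` line, since no added line appears anywhere in that comment. Something like `@param escape true to XML-escape the string form of the result` should be added. With `escape` set the method returns a `String` whatever `expectedType` says, which belongs in the `@return` text too. The signature of this public static method changes with no five-argument overload left behind, so pages generated before this change would presumably need recompiling.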
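Review bot: `retValue.toString()` in the new `if (escape)` block at the end of the 681 hunk throws a NullPointerException if the evaluator returns null, even though `XmlEscape` itself accepts a null argument. Guarding the branch, `if (escape && retValue != null) {`, keeps the null result flowing to the caller as it did before this change. Whether the evaluator can return null when `String.class` is the expected type is not visible here, so the guard is the cautious choice.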