kinman      2002/11/26 18:31:29

  Modified:    jasper2/src/share/org/apache/jasper/compiler Generator.java
                        JspUtil.java
               jasper2/src/share/org/apache/jasper/runtime
                        PageContextImpl.java
  Log:
  - Do XML escape on EL results if they are in template texts.
  
  Revision  Changes    Path
  1.132     +6 -6      
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/Generator.java
  
  Index: Generator.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/Generator.java,v
  retrieving revision 1.131
  retrieving revision 1.132
  diff -u -r1.131 -r1.132
  --- Generator.java    26 Nov 2002 01:25:29 -0000      1.131
  +++ Generator.java    27 Nov 2002 02:31:29 -0000      1.132
  @@ -764,7 +764,7 @@
                if (attr.isELInterpreterInput()) {
                    v = JspUtil.interpreterCall(this.isTagFile,
                        attr.getValue(), expectedType, defaultPrefix,
  -                     "_jspx_fnmap" );
  +                     "_jspx_fnmap", false );
                }
                if (encode) {
                    return "java.net.URLEncoder.encode(\"\" + " + v + ")";
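Review bot: The trailing `false` added to this interpreterCall call is a bare boolean whose meaning is not visible at the call site, and the same holds for the `true` in the out.write hunk and the `false` in the third Generator.java hunk. Because that flag decides whether EL output is XML-escaped, a one-line comment at each call would make the decision reviewable, for example `// attribute value, not template text: no XML escaping` here and `// template text is written straight to out: XML-escape the EL result` at the second call. The reason for leaving attribute values unescaped is inferred from the commit log rather than shown in the hunk, so the author should confirm the wording. The enclosing method starts and ends outside this hunk.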
  @@ -843,7 +843,7 @@
                       "out.write("
                    + JspUtil.interpreterCall(this.isTagFile,
                           "${" + new String(n.getText()) + "}", String.class,
  -                     null, "_jspx_fnmap" )
  +                     null, "_jspx_fnmap", true )
                       + ");");
               } else {
                   out.printil("out.write(" +
  @@ -2436,7 +2436,7 @@
                } else if (attrs[i].isELInterpreterInput()) {
                       // run attrValue through the expression interpreter
                       attrValue = JspUtil.interpreterCall(this.isTagFile,
  -                        attrValue, c[0], n.getPrefix(), "_jspx_fnmap" );
  +                        attrValue, c[0], n.getPrefix(), "_jspx_fnmap", false );
                   } else {
                    attrValue = convertString(
                                   c[0], attrValue, attrName,
  
  
  
  1.22      +7 -4      
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspUtil.java
  
  Index: JspUtil.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspUtil.java,v
  retrieving revision 1.21
  retrieving revision 1.22
  diff -u -r1.21 -r1.22
  --- JspUtil.java      6 Nov 2002 20:14:19 -0000       1.21
  +++ JspUtil.java      27 Nov 2002 02:31:29 -0000      1.22
  @@ -470,13 +470,15 @@
        * @param expectedType the expected type of the interpreted result
        * @param defaultPrefix Default prefix, or literal "null"
        * @param fnmapvar Variable pointing to a function map.
  +     * @param XmlEscape True if the result should do XML escaping
        * @return a String representing a call to the EL interpreter.
        */
       public static String interpreterCall(boolean isTagFile,
                                         String expression,
                                            Class expectedType,
                                            String defaultPrefix,
  -                                         String fnmapvar ) 
  +                                         String fnmapvar,
  +                                         boolean XmlEscape ) 
       {
           /*
            * Determine which context object to use.
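Review bot: The new parameter is spelled `XmlEscape` with a leading capital, unlike its neighbours `isTagFile`, `expectedType`, `defaultPrefix` and `fnmapvar`, so it reads like a type name. I would rename it `xmlEscape` in the signature, in the Javadoc tag, and in the `+ ", " + XmlEscape` concatenation in the next hunk. The Javadoc line could also say where the escaping happens, e.g. `@param xmlEscape true if the generated call should XML-escape the evaluated result`. The method body continues outside this hunk.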
  @@ -545,6 +547,7 @@
                  +       ", " + fnmapvar + ", "
                  +       ((defaultPrefix == null) ? 
                               "null" : Generator.quote( defaultPrefix )) 
  +            + ", " + XmlEscape
                  + ")");
    
        /*
  
  
  
  1.36      +36 -6     
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/runtime/PageContextImpl.java
  
  Index: PageContextImpl.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/runtime/PageContextImpl.java,v
  retrieving revision 1.35
  retrieving revision 1.36
  diff -u -r1.35 -r1.36
  --- PageContextImpl.java      8 Nov 2002 19:11:26 -0000       1.35
  +++ PageContextImpl.java      27 Nov 2002 02:31:29 -0000      1.36
  @@ -644,6 +644,28 @@
           }
       }
   
  +    private static String XmlEscape(String s) {
  +        if (s == null) return null;
  +        StringBuffer sb = new StringBuffer();
  +        for(int i = 0; i < s.length(); i++) {
  +            char c = s.charAt(i);
  +            if (c == '<') {
  +                sb.append("&lt;");
  +            } else if (c == '>') {
  +                sb.append("&gt;");
  +            } else if (c == '\'') {
  +                sb.append("&#039;"); // &apos;
  +            } else if (c == '&') {
  +                sb.append("&amp;");
  +            } else if (c == '"') {
  +                sb.append("&#034;"); // &quot;
  +            } else {
  +                sb.append(c);
  +            }
  +        }
  +        return sb.toString();
  +    }
  +
       /**
        * Proprietary method to evaluate EL expressions.
        * XXX - This method should go away once the EL interpreter moves
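Review bot: The added XmlEscape helper has no doc comment stating which output contexts its escaping is meant to cover, which matters because it is the only encoding applied to EL results in template text. It replaces exactly five characters (`<`, `>`, `'`, `&`, `"`), which suits element content and quoted attribute values. An EL result placed by a page author inside a script block, a URL, or an unquoted attribute is not made safe by this. I would add a short Javadoc that lists the five replacements, says that null is returned unchanged, and states that limitation. The method name also starts with a capital, so `xmlEscape` would match the file's other method names such as `proprietaryEvaluate`.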
  @@ -659,15 +681,18 @@
        */
       public static Object proprietaryEvaluate( final String expression, 
            final Class expectedType,  final PageContext pageContext,
  -      final ProtectedFunctionMapper functionMap,  final String defaultPrefix )
  +      final ProtectedFunctionMapper functionMap, final String defaultPrefix,
  +      final boolean escape )
          throws ELException
       {
        final java.util.HashMap funcMap =
                (functionMap == null)? null: functionMap.getFnMap();
                   
  +     Object retValue;
           if (System.getSecurityManager() != null){
               try {
  -                return AccessController.doPrivileged(new 
PrivilegedExceptionAction(){
  +                retValue = AccessController.doPrivileged(
  +                     new PrivilegedExceptionAction(){
   
                       public Object run() throws Exception{
                          return PageContextImpl.proprietaryEvaluator.evaluate( 
"<unknown>", 
  @@ -681,13 +706,18 @@
               }
           } else {
               try{
  -               return PageContextImpl.proprietaryEvaluator.evaluate( "<unknown>", 
  +               retValue = PageContextImpl.proprietaryEvaluator.evaluate(
  +                 "<unknown>", 
                       expression, expectedType, null, pageContext,
                       funcMap, defaultPrefix );
               } catch(JspException e){
                   throw new ELException( e );                
               }  
           }
  +     if (escape) {
  +         retValue = XmlEscape(retValue.toString());
  +     }
  +     return retValue;
       }
   
       private JspWriterImpl _createOut(int bufferSize, boolean autoFlush)
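Review bot: The `retValue.toString()` call in the new `if (escape)` block dereferences the evaluator's result without a null check. XmlEscape itself accepts null, but that guard is never reached. Whether `evaluate` can return null is not visible here, but if it can, the caller gets a NullPointerException rather than an ELException or an empty result. Changing the condition to `if (escape && retValue != null) {` would avoid that. When `escape` is true the method also returns a String whatever `expectedType` was; the only visible caller passing `true` uses `String.class`, but a sentence in the Javadoc would record the assumption. The method starts in the previous hunk.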
  
  
  
