On 14/03/2014 11:57, Konstantin Kolinko wrote:
> 2014-03-14 15:37 GMT+04:00 Zboron Lukas <lzbo...@gratex.com>:
>> Hi,
>> I have several custom jspx tags with dynamic attributes that worked well up
>> to Tomcat 7.0.47, but they do not work properly on Tomcat 7.0.52. Same
>> problems occur also when using Spring form tags (I suspect that other
>> libraries would have same problem, but I didn't test them).
>>
>> sample (data-test[2] is dynamic attribute, onclick is static):
>> <c:set var="world" value="'World'"></c:set>
>> <sf:form onclick="window.alert('Hello ${world}!')"
>> data-test="window.alert('Hello ${world}!')"
>> data-test2="window.alert('Hello World!')"
>> tomcat 7.0.47 output:
>> <form onclick="window.alert('Hello 'World'!')"
>> data-test="window.alert('Hello 'World'!')"
>> data-test2="window.alert('Hello World!')"
>> tomcat 7.0.52 output:
>> <form onclick="window.alert('Hello 'World'!')"
>> data-test="window.alert(&#039;Hello 'World'!&#039;)"
>> data-test2="window.alert('Hello World!')"
>>
>> If there is EL used in dynamic attribute (data-test), non-EL part of that
>> attribute is escaped twice, EL part is escaped only once. Tomcat 7.0.47
>> would escape everything just once.
>> Everything works as before if static attribute is used (onclick) or there is
>> no EL in dynamic attribute (data-test2).
>>
>> I strongly suspect, that this is caused by this fix:
>> https://issues.apache.org/bugzilla/show_bug.cgi?id=55735, but I don't
>> understand why using EL should cause double escaping of the rest of
>> attribute value. Is it bug?
>>
>
> It looks like a bug.
>
> Please file an issue in Bugzilla.
> It would be nice if you can attach a simple reproducing web application to it.
It would also help if we could see the source for sf:form or a
simplified version of if that demonstrates the problem.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
