David Wall wrote:
> While it makes sense, I was just checking to see if upgrading from
> Tomcat 5.5.26 to 5.5.27, not thinking such an upgrade would require JSP
> source code changes, will hold true going forward with subsequent Tomcat
> releases.
>
> We have a few places where JSP tag attribute values have Java code that
> itself contains double quotes, such as:
>
> <tt:mytag value="<%=("field"+i)%>"/>
> or
> <tt:mytag value="<%=bean.get("name")%>"/>
>
> In 5.5.26, this compiled okay, but in 5.5.27, it results in an error like:
>
> org.apache.jasper.JasperException: /app/mypage.jsp(43,21) Attribute
> value ("field"+i) is quoted with " which must be escaped when used
> within the value
>
> org.apache.jasper.compiler.DefaultErrorHandler.jspError(DefaultErrorHandler.java:40)
>
>
>
> It does make some sense, yet it worked fine for years. Is this
> something that will be true going forward with Tomcat releases, or is
> this some sort of "bug" that was introduced in 5.5.27? It is only
> interesting because even the error message shows it parses the attribute
> value correctly.
Versions prior to 5.5.27 did not enforce the quoting requirements of the
JSP spec. This was fixed in 5.5.27. You can disable this behaviour. See
http://tomcat.apache.org/tomcat-5.5-doc/config/systemprops.html and look
for STRICT_QUOTE_ESCAPING.
Mark
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
