https://bz.apache.org/bugzilla/show_bug.cgi?id=63359
Bug ID: 63359
Summary: jsp:setProperty not spec compliant
Product: Tomcat 9
Version: 9.0.x
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Jasper
Assignee: dev@tomcat.apache.org
Reporter: ma...@apache.org
Target Milestone: -----
I came across this while reviewing the coverity scan results.
JSP.5.2 sets out <jsp:setProperty> should behave. That references JSP.1.14.2.1
for conversion from String values. Reviewing the code there appear to be
multiple related issues:
- PropertyEditor with null value may result in an exception when it should
always be null
- Empty strings are not correctly coerced
- Coercion to Object is to String[] rather than String
- Coercion to File is defined which is not present in the spec
Since this report originates from code inspection, test cases need to be
constructed to validate the bugs above before fixing. It would also be prudent
to run the full Tomcat test suite and the JSP TCK against any fix.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
