Author: markt
Date: Fri May 16 15:28:09 2008
New Revision: 657231
URL: http://svn.apache.org/viewvc?rev=657231&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45015
You can't use an unescaped quote in an attribute value if you have quoted the
value using that quote character
Modified:
tomcat/trunk/java/org/apache/jasper/compiler/Parser.java
tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties
Modified: tomcat/trunk/java/org/apache/jasper/compiler/Parser.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/compiler/Parser.java?rev=657231&r1=657230&r2=657231&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/jasper/compiler/Parser.java (original)
+++ tomcat/trunk/java/org/apache/jasper/compiler/Parser.java Fri May 16
15:28:09 2008
@@ -244,7 +244,8 @@
err.jspError(start, "jsp.error.attribute.unterminated", watch);
}
- String ret = parseQuoted(reader.getText(start, stop));
+ String ret = parseQuoted(start, reader.getText(start, stop),
+ watch.charAt(watch.length() - 1));
if (watch.length() == 1) // quote
return ret;
@@ -257,7 +258,8 @@
* QuotedChar ::= ''' | '"' | '\\' | '\"' | "\'" | '\>' | '\$' |
* Char
*/
- private String parseQuoted(String tx) {
+ private String parseQuoted(Mark start, String tx, char quote)
+ throws JasperException {
StringBuffer buf = new StringBuffer();
int size = tx.length();
int i = 0;
@@ -291,6 +293,10 @@
buf.append('\\');
++i;
}
+ } else if (ch == quote) {
+ // Unescaped quote character
+ err.jspError(start, "jsp.error.attribute.noescape", tx,
+ "" + quote);
} else {
buf.append(ch);
++i;
Modified: tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties?rev=657231&r1=657230&r2=657231&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties
(original)
+++ tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties Fri
May 16 15:28:09 2008
@@ -341,6 +341,7 @@
jsp.error.attribute.noequal=equal symbol expected
jsp.error.attribute.noquote=quote symbol expected
jsp.error.attribute.unterminated=attribute for {0} is not properly terminated
+jsp.error.attribute.noescape=Attribute value {0} is quoted with {1} which must
be escaped when used within the value
jsp.error.missing.tagInfo=TagInfo object for {0} is missing from TLD
jsp.error.deferredmethodsignaturewithoutdeferredmethod=Cannot specify a method
signature if 'deferredMethod' is not 'true'
jsp.error.deferredvaluetypewithoutdeferredvalue=Cannot specify a value type if
'deferredValue' is not 'true'
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
