https://issues.apache.org/bugzilla/show_bug.cgi?id=47050

           Summary: StandardHostValve.status unnecessarily HTML-escapes
                    the error message
           Product: Tomcat 6
           Version: 6.0.18
          Platform: All
        OS/Version: All
            Status: NEW
          Keywords: ErrorMessage
          Severity: normal
          Priority: P2
         Component: Catalina
        AssignedTo: dev@tomcat.apache.org
        ReportedBy: roland.il...@gmx.de


I have written a JSP page that prints all request attributes verbatim to the
output. When I access it as

    http://localhost:8100/roland/404&

it outputs the following HTML code:

 <body>
javax.servlet.error.message=/roland/404&amp;amp;<br>
javax.servlet.error.request_uri=/roland/404&amp;<br>
...
 </body>

I was surprised that the error.message has been HTML-escaped, but the
error.request hasn't. What's the intention of this escaping? It feels like
Catalina is imitating PHP's magic-quotes here, which it shouldn't.

In my opinion, the error message should be copied to the request attribute
as-is and not be passed through RequestUtil.filter, so the programmer can
write it to log files or a text/plain error page without unfiltering it first.
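
The behaviour reported above, as an added example that is not part of the original report and is not Tomcat code: one value is HTML-escaped when it is stored and the other is stored as-is, then both are written to an HTML, a text/plain and a log sink. The class name, `htmlEscape` (a simplified stand-in for a filter such as RequestUtil.filter) and `logEncode` are hypothetical, and the example assumes the page escapes once at output.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class ErrorAttributeEncoding {

    // Simplified stand-in for an HTML filter such as RequestUtil.filter
    // (assumption: it replaces <, >, & and " with entities; not Tomcat's source).
    static String htmlEscape(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '&': out.append("&amp;"); break;
                case '"': out.append("&quot;"); break;
                default:  out.append(c);
            }
        }
        return out.toString();
    }

    // Hypothetical encoder for a line-oriented log sink: CR/LF are made
    // visible so one attribute value always stays on one log line.
    static String logEncode(String s) {
        return s.replace("\r", "\\r").replace("\n", "\\n");
    }

    public static void main(String[] args) {
        String uri = "/roland/404&"; // request path from the report

        // Constructed model of the two attributes the error page receives.
        Map<String, String> attrs = new LinkedHashMap<>();
        attrs.put("javax.servlet.error.message", htmlEscape(uri)); // escaped when stored
        attrs.put("javax.servlet.error.request_uri", uri);         // stored as-is

        for (Map.Entry<String, String> e : attrs.entrySet()) {
            String v = e.getValue();
            // HTML sink: escaping here turns the pre-escaped value into &amp;amp;
            System.out.println("html : " + e.getKey() + "=" + htmlEscape(v) + "<br>");
            // text/plain and log sinks: the pre-escaped value shows a literal &amp;
            System.out.println("plain: " + e.getKey() + "=" + v);
            System.out.println("log  : " + e.getKey() + "=" + logEncode(v));
        }
    }
}
```

The two `html :` lines reproduce the `&amp;amp;` and `&amp;` values shown in the report; only the attribute stored as-is comes out correct in all three sinks.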
