https://issues.apache.org/bugzilla/show_bug.cgi?id=45015
William Leung <l...@21cn.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
CC| |l...@21cn.com
Resolution|FIXED |
--- Comment #14 from William Leung <l...@21cn.com> 2010-03-23 07:17:47 UTC ---
Test in TC 6.0.26, the "strip quote escaping Parser" didn't work.
-- JUST use this testing code
<mytags:tag value="<%= "hi!" %>" />
-- I setup a jspc command line to debug the JspC
-- Then I reaches this stack frames
m...@1, prio=5, in group 'main', status: 'RUNNING'
at
org.apache.jasper.compiler.AttributeParser.getUnquoted(AttributeParser.java:54)
at org.apache.jasper.compiler.Parser.parseAttributeValue(Parser.java:249)
at org.apache.jasper.compiler.Parser.parseAttribute(Parser.java:205)
at org.apache.jasper.compiler.Parser.parseAttributes(Parser.java:148)
at org.apache.jasper.compiler.Parser.parseCustomTag(Parser.java:1204)
at
org.apache.jasper.compiler.Parser.parseElementsScriptless(Parser.java:1467)
at org.apache.jasper.compiler.Parser.parseElements(Parser.java:1385)
at org.apache.jasper.compiler.Parser.parseBody(Parser.java:1630)
at org.apache.jasper.compiler.Parser.parseOptionalBody(Parser.java:974)
at org.apache.jasper.compiler.Parser.parseCustomTag(Parser.java:1242)
at
org.apache.jasper.compiler.Parser.parseElementsScriptless(Parser.java:1467)
at org.apache.jasper.compiler.Parser.parseElements(Parser.java:1385)
at org.apache.jasper.compiler.Parser.parseBody(Parser.java:1630)
at org.apache.jasper.compiler.Parser.parseOptionalBody(Parser.java:974)
at org.apache.jasper.compiler.Parser.parseCustomTag(Parser.java:1242)
at
org.apache.jasper.compiler.Parser.parseElementsScriptless(Parser.java:1467)
at org.apache.jasper.compiler.Parser.parseElements(Parser.java:1385)
at org.apache.jasper.compiler.Parser.parseBody(Parser.java:1630)
at org.apache.jasper.compiler.Parser.parseOptionalBody(Parser.java:974)
at org.apache.jasper.compiler.Parser.parseCustomTag(Parser.java:1242)
at
org.apache.jasper.compiler.Parser.parseElementsScriptless(Parser.java:1467)
at org.apache.jasper.compiler.Parser.parseBody(Parser.java:1633)
at org.apache.jasper.compiler.Parser.parseJspBody(Parser.java:1584)
at
org.apache.jasper.compiler.Parser.parseJspAttributeAndBody(Parser.java:1001)
at org.apache.jasper.compiler.Parser.parseOptionalBody(Parser.java:972)
at org.apache.jasper.compiler.Parser.parseCustomTag(Parser.java:1242)
at org.apache.jasper.compiler.Parser.parseElements(Parser.java:1418)
at org.apache.jasper.compiler.Parser.parse(Parser.java:130)
at
org.apache.jasper.compiler.ParserController.doParse(ParserController.java:255)
at
org.apache.jasper.compiler.ParserController.parse(ParserController.java:103)
at org.apache.jasper.compiler.Compiler.generateJava(Compiler.java:185)
at org.apache.jasper.compiler.Compiler.compile(Compiler.java:347)
at org.apache.jasper.JspC.processFile(JspC.java:1182)
at org.apache.jasper.JspC.execute(JspC.java:1331)
at
sun.reflect.NativeMethodAccessorImpl.invoke0(NativeMethodAccessorImpl.java:-1)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at
org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:105)
at org.apache.tools.ant.TaskAdapter.execute(TaskAdapter.java:134)
at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:288)
at
sun.reflect.NativeMethodAccessorImpl.invoke0(NativeMethodAccessorImpl.java:-1)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at
org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:105)
at org.apache.tools.ant.Task.perform(Task.java:348)
at org.apache.tools.ant.Target.execute(Target.java:357)
at org.apache.tools.ant.Target.performTasks(Target.java:385)
at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1329)
at org.apache.tools.ant.Project.executeTarget(Project.java:1298)
at
org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExecutor.java:41)
at org.apache.tools.ant.Project.executeTargets(Project.java:1181)
at org.apache.tools.ant.Main.runBuild(Main.java:698)
at org.apache.tools.ant.Main.startAnt(Main.java:199)
at org.apache.tools.ant.launch.Launcher.run(Launcher.java:257)
at org.apache.tools.ant.launch.Launcher.main(Launcher.java:104)
-- In this frame: parseAttributeValue(Parser.java:249) -
The method signature is: private String parseAttributeValue(String watch)
throws JasperException
We can see the parameter (watch)'s value is three characters: '%', '>', '"'
So after this code fragment executed
-> 245 char quote = 0;
-> 246 if (watch.length() == 1) {
-> 247 quote = watch.charAt(0);
-> 248 }
the "quote" variable is actually 0
so event the system property
"org.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING" isn't set to "false"
the strit parser didn't report for this problem
-> (codes in org.apache.jasper.compiler.AttributeParser)
-> 307 } else if (ch == quote && strict) {
-> 308 String msg =
Localizer.getMessage("jsp.error.attribute.noescape",
-> 309 input, ""+ quote);
-> 310 throw new IllegalArgumentException(msg);
-> 311 } else {
the line 307's condition should never be evaluated to "true"
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
