[Bug 53986] Comment end tag preceded directly by a dash causes JSP fail compilation

bugzilla Thu, 11 Oct 2012 09:43:18 -0700

https://issues.apache.org/bugzilla/show_bug.cgi?id=53986


--- Comment #9 from Christopher Schultz <ch...@christopherschultz.net> ---
(In reply to comment #8)
> The JspReader.skipUntil(..) method is invoked with the following arguments:
> skipUntil("</" + tag);
> skipUntil("--%>");
> skipUntil("%>");
> skipUntil("<");
> skipUntil(">");
> skipUntil("]]>");
> skipUntil(":root");
> 
> An '<' cannot occur in "tag". So the only places where the issue can happen
> are
> skipUntil("--%>");
> skipUntil("]]>");

It may be true that a *valid* document may not include '<' within a tag but
that doesn't mean that someone won't try it. As long as the resulting error
message(s) make sense, I think this is an okay assumption.

> The "]]>" is used to terminate a "<![CDATA[". Noting that this affects JSP
> pages only. As far as I see, JSP documents are parsed differently.

I hadn't tested CDATA initially: I did test things like <%! ... %> and <%= ...
%> because of their JSP-ness. I hadn't thought of CDATA: thanks for adding this
to the list of possible triggers. Perhaps you could add this to the test case
Mark recently committed.

I'm actually curious as to why Jasper cares about CDATA tags.. is that only in
JSPX mode, or in vanilla JSP mode as well?

> Example 2.
> <%-- - ---%>Hello<%-- --%> world!
> 
> Note the stray "-" to start the issue. It causes "---%" to be not recognized.

That's interesting, and not something I noticed in my testing. Yet another good
thing to add to the test case.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 53986] Comment end tag preceded directly by a dash causes JSP fail compilation

Reply via email to