https://issues.apache.org/bugzilla/show_bug.cgi?id=56265
Bug ID: 56265
Summary: Unexpected escaping in the values of dynamic tag
attributes containing EL expressions
Product: Tomcat 7
Version: 7.0.52
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
Component: Jasper
Assignee: [email protected]
Reporter: [email protected]
The following was reported on the users list,
"double xmlEscape in dynamic attributes in 7.0.52"
http://marc.info/?t=139479709800007&r=1&w=2
[quote]
Hi,
I have several custom jspx tags with dynamic attributes that worked well up to
Tomcat 7.0.47, but they do not work properly on Tomcat 7.0.52. Same problems
occur also when using Spring form tags (I suspect that other libraries would
have same problem, but I didn't test them).
sample (data-test[2] is dynamic attribute, onclick is static):
<c:set var="world" value="'World'"></c:set>
<sf:form onclick="window.alert('Hello ${world}!')"
data-test="window.alert('Hello ${world}!')"
data-test2="window.alert('Hello World!')"
tomcat 7.0.47 output:
<form onclick="window.alert('Hello 'World'!')"
data-test="window.alert('Hello 'World'!')"
data-test2="window.alert('Hello World!')"
tomcat 7.0.52 output:
<form onclick="window.alert('Hello 'World'!')"
data-test="window.alert(&#039;Hello 'World'!&#039;)"
data-test2="window.alert('Hello World!')"
If there is EL used in dynamic attribute (data-test), non-EL part of that
attribute is escaped twice, EL part is escaped only once. Tomcat 7.0.47 would
escape everything just once.
Everything works as before if static attribute is used (onclick) or there is no
EL in dynamic attribute (data-test2).
[/quote]
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
