[Bug 55198] Quote entity in html element attribute evaluated in tagx if attribute contains EL expression

[bugzilla]

https://issues.apache.org/bugzilla/show_bug.cgi?id=55198

--- Comment #8 from Konstantin Kolinko <knst.koli...@gmail.com> ---
For reference:

(In reply to Evan Greensmith from comment #0)
>
> If your tagx file contains an html element such as
> <a href="#" onclick="window.alert(&quot;Hello World!&quot;)">foobar</a>
> It renders as
> <a href="#" onclick="window.alert(&quot;Hello World!&quot;)">foobar</a>
> 

Technically, the textual value of the attribute of an xml tag, as returned by
XML parser here is [window.alert("Hello World!")].

The legacy behaviour - in 7.0.42 here is that when printing the tag attributes
the double quotes are replaced  (") -> (&quot;). In the tag next no
replacements are performed.

This behaviour is applied to the double quotes only, but not to other special
symbols.

Using the OP's test.war if I replace the first (non-EL) tag in clickme.tag and
clickme.tagx with the following:

<li><a href="#" onclick="window.alert(&quot;&lt;&amp;&gt;&#039;Hello
World!&quot;)">Click me to display &quot;&lt;&amp;&gt;&#039;Hello
World!&quot;</a></li>

Tomcat 7.0.42 renders it as following:

- for clickme.tag:

<li><a href="#" onclick="window.alert(&quot;&lt;&amp;&gt;&#039;Hello
World!&quot;)">Click me to display &quot;&lt;&amp;&gt;&#039;Hello
World!&quot;</a></li>

- for clickme.tagx:

<li><a onclick="window.alert(&quot;<&>'Hello World!&quot;)" href="#">Click me
to display "<&>'Hello World!"</a></li>

Note that tag file renders as the source is, tagx file renders the texts as
returned by XML parser, only replacing "->&quot; in tag attribute, but nowhere
else.

I am not saying that this is correct. I am just documenting the legacy
behaviour.


In the code, the place responsible for s/"/&quot;/ replacement is
Generator$GenerateVisitor.visit(Node.UninterpretedTag n),

    out.print(DOUBLE_QUOTE);
    out.print(attrs.getValue(i).replace("\"", "&quot;"));
    out.print(DOUBLE_QUOTE);

If attribute value does not contain double quote chars (e.g. xml-escaping has
already been applied to it during previous processing), it will be printed as
is.


For reference,
regressions related to an attempt to fix this issue thus far are:
https://issues.apache.org/bugzilla/show_bug.cgi?id=56265
https://issues.apache.org/bugzilla/show_bug.cgi?id=56029
https://issues.apache.org/bugzilla/show_bug.cgi?id=55735

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org