https://issues.apache.org/bugzilla/show_bug.cgi?id=56265
--- Comment #7 from Konstantin Kolinko <knst.koli...@gmail.com> ---
(In reply to Mark Thomas from comment #6)
> Created attachment 31401 [details]
> Proposed patch v3
>
> I've been looking at v2 of the patch.
>
> I think I found a couple of bugs in the testBug56265()
> - The method wasn't annotated with @Test so the test did not execute
> - bug56265.jsp assigned a value to a request attribute named 'text' but
> tried to use an attribute named 'world'.
My bad. I have to fix it.
> - The test was expected value [1] to be unescaped but I think it should have
> been expecting it to be escaped
Wrong. The tag bug56265.tagx print the values as
<jsp:text>[${e.key}]: [${e.value}]</jsp:text>
Those are the attribute values how they were provided by XML parser. They are
unescaped ones.
> I've attached v3 of the patch for comment that - assuming my analysis of v2
> is correct - addresses the issues I found and adds a few more tests. The fix
> part of the patch is now a lot simpler.
Wrong. Escaping discussed in bug 55198 shall be applied to template content of
the document - to attributes of Node.UninterpretedTag only (and to textual
content in the bodies if we extend this).
There is no reason to apply xmlescaping in the dozen of other cases when
getAttribute(...) method is called.
There is also "if (pageInfo.isELIgnored())" branch that shall be handled in the
same way as an attribute that does not contain EL expressions. My patch covers
that, though I have not wrote a test case.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
