Hi! I am reviewing the ELParser fix for https://issues.apache.org/bugzilla/show_bug.cgi?id=56334
Those are in 7.0: http://svn.apache.org/viewvc?view=revision&revision=r1587887 in 6.0: 1). In java/org/apache/jasper/compiler/Validator.java There was replacement s/ attrs.getValue(i) / attributeValue / in one of methods. There were two occurrences where that replacement was not done - in error messages. I went on and fixed that in r1590604 . I'll backport to Tomcat 7 shortly. A cosmetic issue. 2) The above mentioned replacement is missing from Validator.java in Tomcat 6 patch. I suspect that this might be a bug in Tomcat 6. 3) A comment in org.apache.jasper.compiler.TestELParser: * <li>LiteralExpressions always occur outside of "${...}" and "#{...}". Literal * expressions escape '$' and '#' with '\\' if '$' or '#' is followed by '{' * but neither '\\' nor '{' is escaped.</li> The ["if '$' or '#' is followed by '{'"] part is not needed. As far as I am reading JSP 2.2 spec, $ and # are escaped by '\' regardless of whether they are followed by '{'. The code in ELParser does not check for following '{'. (No bug here. The implementation is correct. Only the comment is off). 4) Validator$ValidateVisitor$XmlEscapeNonELVisitor.visit(Text) The code in ELParser.TextBuilder.visit(Text) was updated to apply "escapeLiteralExpression()", but the same method in XmlEscapeNonELVisitor has not been updated. I think it is a bug here. Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org