Hi!

I am reviewing the ELParser fix for
https://issues.apache.org/bugzilla/show_bug.cgi?id=56334
Those are
in 7.0:
http://svn.apache.org/viewvc?view=revision&revision=r1587887
in 6.0:

1). In java/org/apache/jasper/compiler/Validator.java

There was replacement s/ attrs.getValue(i) / attributeValue / in one
of methods. There were two occurrences where that replacement was not
done - in error messages. I went on and fixed that in r1590604 .

I'll backport to Tomcat 7 shortly. A cosmetic issue.

2) The above mentioned replacement is missing from Validator.java in
Tomcat 6 patch.

I suspect that this might be a bug in Tomcat 6.


3) A comment in org.apache.jasper.compiler.TestELParser:

 * <li>LiteralExpressions always occur outside of "${...}" and "#{...}". Literal
 *     expressions escape '$' and '#' with '\\' if '$' or '#' is followed by '{'
 *     but neither '\\' nor '{' is escaped.</li>

The ["if '$' or '#' is followed by '{'"] part is not needed.

As far as I am reading JSP 2.2 spec,  $ and # are escaped by '\'
regardless of whether they are followed by '{'.

The code in ELParser does not check for following '{'.

(No bug here. The implementation is correct. Only the comment is off).

4) Validator$ValidateVisitor$XmlEscapeNonELVisitor.visit(Text)

The code in ELParser.TextBuilder.visit(Text) was updated to apply
"escapeLiteralExpression()", but the same method in
XmlEscapeNonELVisitor has not been updated.

I think it is a bug here.

Best regards,
Konstantin Kolinko

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to