https://bz.apache.org/bugzilla/show_bug.cgi?id=62825
Bug ID: 62825
Summary: JSP inline javeascript backslash miss escaping in
single quote string values
Product: Tomcat 8
Version: 8.5.27
Hardware: All
Status: NEW
Severity: normal
Priority: P2
Component: Jasper
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ----
Created attachment 36198
--> https://bz.apache.org/bugzilla/attachment.cgi?id=36198&action=edit
Contains the source jsp inline javascript file, the result parsing javascript
source in Chrome developer mode and the generated jsp java file.
The inline javascript in jsp suppose should have the same javascript source as
plain javascript in a non-jsp page (ex. html).
But when there is a backslash value '\\' value in a jsp page, after the jsp
engine parsing the output jsp java file didn't escape the backslash value in
the single quote string value, the incorrect result is "...'\\'...", while the
correct result should be "...'\\\\'...".
Steps to reproduce:
1) Create a index.jsp file add the following javascript code:
<script>
console.log('^?123'.replace(/[\-\[\]\/\{\}\(\)\*\+\?\.\\\^\$\|]/g, '\\$&');
<script>
2) Open the generated jsp java file, the result parsing is as follows:
...
out.write("console.log('^?123'.replace(/[\\-\\[\\]\\/\\{\\}\\(\\)\\*\\+\\?\\.\\\\\\^$\\|]/g,
'\\$&') + '(.*)');\r\n");
...
3) The correct generated jsp java file, should be as follows:
...
out.write("console.log('^?123'.replace(/[\\-\\[\\]\\/\\{\\}\\(\\)\\*\\+\\?\\.\\\\\\^$\\|]/g,
'\\\\$&') + '(.*)');\r\n");
...
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
