I think I have got to the bottom of why the EL has been so fragile and
why the fixes to the various edge case bug fixes have invariably created
new edge cases. It is probably easier to explain by considering an
example. Using the echo tag from the newly added EL test cases consider
the following JSP extract:
<tags:echo echo="${1+1}" />
<tags:echo echo="\${1+1}" />
<tags:echo echo="\\${1+1}" />
The JSP and EL specs are a little fuzzy/inconsistent but the guidance we
received from the expert group was:
- the whole attribute should be unquoted as per the rules for quoting
JSP attributes
- everything outside an actual expression after unquoting should be
treated as a literal
The issue is that we performed JSP attribute unquoting and EL parsing in
two independent steps. This creates an ambiguity. If the attribute
values above are unquoted then we get the following:
${1+1}
${1+1}
\${1+1}
The first is an EL expression and will be treated as such.
The second is a literal. However, the EL parser will treat it as an
expression.
The third is a literal '\' followed by an expression but the EL parser
will see an escaped literal.
My proposed solution is to modify the output of the attribute unquoting
to ensure the EL Parser correctly interprets the result. ie:
${1+1}
${'$'}{1+1}
${'\'}${1+1}
In writing this I think a few of my test cases might still be wrong.
I'll take a look and update them as necessary.
I have some rough code that implements this scheme. I am in the process
of integrating it into Jasper for trunk. I can see this taking little
while to iron out the wrinkles before I'll be ready t propose a
back-port for 6.0.x. I don't think we should hold up the 6.0.x release
for this. I think it is more important to get the next 6.0.x release out
than to wait to fix something that has been broken for quite a while anyway.
One area where help would be appreciated is in the test cases. If folks
see an edge case that isn't covered by the current set of tests please
do add it.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
