Re: svn commit: r1586890 - in /tomcat/trunk: java/org/apache/jasper/compiler/ELParser.java test/org/apache/jasper/compiler/TestELParser.java test/org/apache/jasper/compiler/TestParser.java test/webapp/bug5nnnn/bug56334.jspx webapps/docs/changelog.xml

Sun, 13 Apr 2014 14:31:23 -0700 

2014-04-13 0:07 GMT+04:00  <[email protected]>:
> Author: markt
> Date: Sat Apr 12 20:07:54 2014
> New Revision: 1586890
>
> URL: http://svn.apache.org/r1586890
> Log:
> Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=56334
> Correct double backslash escaping in attributes
>
> Added:
>     tomcat/trunk/test/webapp/bug5nnnn/bug56334.jspx
> Modified:
>     tomcat/trunk/java/org/apache/jasper/compiler/ELParser.java
>     tomcat/trunk/test/org/apache/jasper/compiler/TestELParser.java
>     tomcat/trunk/test/org/apache/jasper/compiler/TestParser.java
>     tomcat/trunk/webapps/docs/changelog.xml
>
> Modified: tomcat/trunk/java/org/apache/jasper/compiler/ELParser.java
> URL: 
> http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/compiler/ELParser.java?rev=1586890&r1=1586889&r2=1586890&view=diff
> ==============================================================================
> --- tomcat/trunk/java/org/apache/jasper/compiler/ELParser.java (original)
> +++ tomcat/trunk/java/org/apache/jasper/compiler/ELParser.java Sat Apr 12 
> 20:07:54 2014
> @@ -209,7 +209,7 @@ public class ELParser {
>                  prev = 0;
>                  if (ch == '\\') {
>                      buf.append('\\');
> -                    prev = '\\';
> +                    continue;
>                  } else if (ch == '$'
>                          || (!isDeferredSyntaxAllowedAsLiteral && ch == '#')) 
> {
>                      buf.append(ch);

I think it needs 'continue;' here in this branch as well.
(So that  "if (ch == '\\' || ch == '$' " block below does not happen
and does not set prev=ch. )

I wonder what a test case it will be.

> @@ -468,18 +468,18 @@ public class ELParser {
>
>          @Override
>          public void visit(Function n) throws JasperException {
> -            output.append(n.getOriginalText());
> +            output.append(Generator.escape(n.getOriginalText()));

The above method is escaping for Java strings.
E.g. it escapes LF -> '\' + 'n', but that is a wrong escaping for this use case.

>              output.append('(');
>          }
>
>          @Override
>          public void visit(Text n) throws JasperException {
> -            output.append(n.getText());
> +            output.append(Generator.escape(n.getText()));
>          }
>
>          @Override
>          public void visit(ELText n) throws JasperException {
> -            output.append(n.getText());
> +            output.append(Generator.escape(n.getText()));
>          }
>      }
>  }
>

Best regards,
Konstantin Kolinko

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to