Include tag is not safe (as result of the bug in FastByteArrayOutputStream)
---------------------------------------------------------------------------
Key: WW-2412
URL: https://issues.apache.org/struts/browse/WW-2412
Project: Struts 2
Issue Type: Bug
Affects Versions: 2.0.11
Environment: tomcat 6, windows or linux
Reporter: StarBreeze
There is no activity on WW-826 and I cannot reopen it, so I am creting new
issue.
Struts include tag uses the FastByteArrayOutputStream class that copies content
of included JSP into the response stream by constant sized char blocks.
But UTF-8 symbols have different length in bytes. You cannot split a byte
stream until you exactly know lengths of it char parts (in bytes).
As alternative, you may copy bytes, but DO NOT DO new String(bytes, encoding).
Seems the second approach is not applicable to the char's http response.
There is the good patch already: http://jira.atlassian.com/browse/JRA-13866
It solves the problem.
The bug can be reproduced by rendering a large (>8KB) block of non ANSI symbols
in the included JSP (JSP must be included by the struts include tag). Both
parent and included JSPs must have contentType="text/html; charset=UTF-8".
In this situation you may see two garbage symbols on the joint of two buffer
rendering result. Looks very unpleasant..
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
