Re: [Resin-interest] jsp:param behavior change from 3.0.22 to 4.0.5

2010-04-02 Thread Scott Ferguson 
Aaron Freeman wrote:
 Ok, thanks, we will hold off on pushing forward on upgrading until we 
 get some idea as to whether this is an issue or not.
   
I checked with the spec and the reference implementation: you're not 
supposed to escape content inside a jsp:param. The container is 
responsible for any encoding.

However, Resin does have a bug in its own encoding for 4.0.5 (fixed for 
4.0.6.) So you'll need to wait until at least 4.0.6 for the fix.

(4.0.6 is expected next week. It's a short ipv6 release.)

-- Scott
 Aaron


 On 3/31/2010 2:53 PM, Scott Ferguson wrote:
   
 Aaron Freeman wrote:

 
 We are experiencing a fundamental change in how data is being passed as
 a jsp:param between 3.0.22 and 4.0.5.  We need to know if this change is
 intentional as it has a work-heavy impact on converting our code base
 over which currently relies on the behavior of 3.0.x.

 It appears that a call to jsp:include was automatically URL decoding any
 strings that were passed in, and that that behavior has changed.

 I have included source to two files that will demonstrate the behavior
 change (in case it's not intentional).  And here are the results of
 running it:

  
   
 I've added a bug report for this at http://bugs.caucho.com/view.php?id=3976.

 I'll need to check, but there's a good chance this change was made to
 conform to either the JSP or JSTL spec/TCK.

 -- Scott

 
  on resin-pro-3.0.22 

 URL encoded before pass to jsp:include:
 Test%3A+1+%3C+2+and+width%3D%22100%25%22+and+ampersand%3D%26.

 Test: 1  2 and width=100ïand ampersand=
 Here it is as seen inside of test-process.jsp:
 Test: 1  2 and width=100% and ampersand=.


  on resin-pro-4.0.5 

 URL encoded before pass to jsp:include:
 Test%3A+1+%3C+2+and+width%3D%22100%25%22+and+ampersand%3D%26.

 Test: 1  2 and width=100ïand ampersand=
 Here it is as seen inside of test-process.jsp:
 Test:+1++2+and+width=100%+and+ampersand=.



 %- BEGIN test.jsp -%
 %@ taglib uri=http://java.sun.com/jsp/jstl/core; prefix=c %
 %@ taglib uri=http://www.sendthisfile.com/taglib/httputil;
 prefix=httputil %

 c:if test=${!empty param.textarea}
   textarea param exists:br/
   ${param.textarea}br/br/

 c:set var=textareaUrlEncodedBefore
 value=${httputil:urlEncode(param.textarea)}/
   URL encoded before pass to jsp:include:br/
   ${textareaUrlEncodedBefore}br/br/
 /c:if

 %-- Set some requestscope variable in test.jsp --%
 jsp:include page=/test-process.jsp
 jsp:param name=textarea value=${param.textarea}/
 jsp:param name=textareaUrlEncoded value=${textareaUrlEncodedBefore}/
 /jsp:include

 form action=/test.jsp

 textarea name=textarea${requestScope.processedTextarea}/textarea

 input type=submit/input

 /form

 c:if test=${!empty requestScope.urlEncoded}
   Here it is as seen inside of test-process.jsp:br/
   ${requestScope.urlEncoded}
 /c:if
 %- END test.jsp -%


 %- BEGIN test-process.jsp -%
 %@ taglib uri=http://java.sun.com/jsp/jstl/core; prefix=c %

 c:choose

 c:when test=${empty param.textarea}
 c:set var=processedTextarea scope=requestTest: 1  2 and
 width=100% and ampersand=./c:set
 /c:when

 c:otherwise
 c:set var=processedTextarea scope=request${param.textarea}/c:set
 /c:otherwise

 /c:choose

 c:set var=urlEncoded scope=request${param.textareaUrlEncoded}/c:set
 %- END test-process.jsp -%


 Thanks for your thoughts on this,

 Aaron
  
   



 ___
 resin-interest mailing list
 resin-interest@caucho.com
 http://maillist.caucho.com/mailman/listinfo/resin-interest

   



___
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest

Re: [Resin-interest] jsp:param behavior change from 3.0.22 to 4.0.5

2010-03-31 Thread Aaron Freeman 
Oh, you will have to swap out the httputil with whatever you use to 
URLEncode strings in order to test it.


Thanks,

Aaron


On 3/31/2010 2:46 PM, Aaron Freeman wrote:

We are experiencing a fundamental change in how data is being passed as
a jsp:param between 3.0.22 and 4.0.5.  We need to know if this change is
intentional as it has a work-heavy impact on converting our code base
over which currently relies on the behavior of 3.0.x.

It appears that a call to jsp:include was automatically URL decoding any
strings that were passed in, and that that behavior has changed.

I have included source to two files that will demonstrate the behavior
change (in case it's not intentional).  And here are the results of
running it:

 on resin-pro-3.0.22 

URL encoded before pass to jsp:include:
Test%3A+1+%3C+2+and+width%3D%22100%25%22+and+ampersand%3D%26.

Test: 1  2 and width=100ïand ampersand=
Here it is as seen inside of test-process.jsp:
Test: 1  2 and width=100% and ampersand=.


 on resin-pro-4.0.5 

URL encoded before pass to jsp:include:
Test%3A+1+%3C+2+and+width%3D%22100%25%22+and+ampersand%3D%26.

Test: 1  2 and width=100ïand ampersand=
Here it is as seen inside of test-process.jsp:
Test:+1++2+and+width=100%+and+ampersand=.



%- BEGIN test.jsp -%
%@ taglib uri=http://java.sun.com/jsp/jstl/core; prefix=c %
%@ taglib uri=http://www.sendthisfile.com/taglib/httputil;
prefix=httputil %

c:if test=${!empty param.textarea}
  textarea param exists:br/
  ${param.textarea}br/br/

c:set var=textareaUrlEncodedBefore
value=${httputil:urlEncode(param.textarea)}/
  URL encoded before pass to jsp:include:br/
  ${textareaUrlEncodedBefore}br/br/
/c:if

%-- Set some requestscope variable in test.jsp --%
jsp:include page=/test-process.jsp
jsp:param name=textarea value=${param.textarea}/
jsp:param name=textareaUrlEncoded value=${textareaUrlEncodedBefore}/
/jsp:include

form action=/test.jsp

textarea name=textarea${requestScope.processedTextarea}/textarea

input type=submit/input

/form

c:if test=${!empty requestScope.urlEncoded}
  Here it is as seen inside of test-process.jsp:br/
  ${requestScope.urlEncoded}
/c:if
%- END test.jsp -%


%- BEGIN test-process.jsp -%
%@ taglib uri=http://java.sun.com/jsp/jstl/core; prefix=c %

c:choose

c:when test=${empty param.textarea}
c:set var=processedTextarea scope=requestTest: 1  2 and
width=100% and ampersand=./c:set
/c:when

c:otherwise
c:set var=processedTextarea scope=request${param.textarea}/c:set
/c:otherwise

/c:choose

c:set var=urlEncoded scope=request${param.textareaUrlEncoded}/c:set
%- END test-process.jsp -%


Thanks for your thoughts on this,

Aaron


___
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest
   




No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 9.0.791 / Virus Database: 271.1.1/2781 - Release Date: 03/31/10 
01:32:00

   


___
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest

Re: [Resin-interest] jsp:param behavior change from 3.0.22 to 4.0.5

2010-03-31 Thread Scott Ferguson 
Aaron Freeman wrote:
 We are experiencing a fundamental change in how data is being passed as 
 a jsp:param between 3.0.22 and 4.0.5.  We need to know if this change is 
 intentional as it has a work-heavy impact on converting our code base 
 over which currently relies on the behavior of 3.0.x.

 It appears that a call to jsp:include was automatically URL decoding any 
 strings that were passed in, and that that behavior has changed.

 I have included source to two files that will demonstrate the behavior 
 change (in case it's not intentional).  And here are the results of 
 running it:
   

I've added a bug report for this at http://bugs.caucho.com/view.php?id=3976.

I'll need to check, but there's a good chance this change was made to 
conform to either the JSP or JSTL spec/TCK.

-- Scott
  on resin-pro-3.0.22 

 URL encoded before pass to jsp:include:
 Test%3A+1+%3C+2+and+width%3D%22100%25%22+and+ampersand%3D%26.

 Test: 1  2 and width=100ïand ampersand=
 Here it is as seen inside of test-process.jsp:
 Test: 1  2 and width=100% and ampersand=.


  on resin-pro-4.0.5 

 URL encoded before pass to jsp:include:
 Test%3A+1+%3C+2+and+width%3D%22100%25%22+and+ampersand%3D%26.

 Test: 1  2 and width=100ïand ampersand=
 Here it is as seen inside of test-process.jsp:
 Test:+1++2+and+width=100%+and+ampersand=.



 %- BEGIN test.jsp -%
 %@ taglib uri=http://java.sun.com/jsp/jstl/core; prefix=c %
 %@ taglib uri=http://www.sendthisfile.com/taglib/httputil; 
 prefix=httputil %

 c:if test=${!empty param.textarea}
  textarea param exists:br/
  ${param.textarea}br/br/

 c:set var=textareaUrlEncodedBefore 
 value=${httputil:urlEncode(param.textarea)}/
  URL encoded before pass to jsp:include:br/
  ${textareaUrlEncodedBefore}br/br/
 /c:if

 %-- Set some requestscope variable in test.jsp --%
 jsp:include page=/test-process.jsp
 jsp:param name=textarea value=${param.textarea}/
 jsp:param name=textareaUrlEncoded value=${textareaUrlEncodedBefore}/
 /jsp:include

 form action=/test.jsp

 textarea name=textarea${requestScope.processedTextarea}/textarea

 input type=submit/input

 /form

 c:if test=${!empty requestScope.urlEncoded}
  Here it is as seen inside of test-process.jsp:br/
  ${requestScope.urlEncoded}
 /c:if
 %- END test.jsp -%


 %- BEGIN test-process.jsp -%
 %@ taglib uri=http://java.sun.com/jsp/jstl/core; prefix=c %

 c:choose

 c:when test=${empty param.textarea}
 c:set var=processedTextarea scope=requestTest: 1  2 and 
 width=100% and ampersand=./c:set
 /c:when

 c:otherwise
 c:set var=processedTextarea scope=request${param.textarea}/c:set
 /c:otherwise

 /c:choose

 c:set var=urlEncoded scope=request${param.textareaUrlEncoded}/c:set
 %- END test-process.jsp -%


 Thanks for your thoughts on this,

 Aaron


 ___
 resin-interest mailing list
 resin-interest@caucho.com
 http://maillist.caucho.com/mailman/listinfo/resin-interest

   



___
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest