2014-03-14 15:37 GMT+04:00 Zboron Lukas <lzbo...@gratex.com>: > Hi, > I have several custom jspx tags with dynamic attributes that worked well up > to Tomcat 7.0.47, but they do not work properly on Tomcat 7.0.52. Same > problems occur also when using Spring form tags (I suspect that other > libraries would have same problem, but I didn't test them). > > sample (data-test[2] is dynamic attribute, onclick is static): > <c:set var="world" value="'World'"></c:set> > <sf:form onclick="window.alert('Hello ${world}!')" > data-test="window.alert('Hello ${world}!')" > data-test2="window.alert('Hello World!')" > tomcat 7.0.47 output: > <form onclick="window.alert('Hello 'World'!')" > data-test="window.alert('Hello 'World'!')" > data-test2="window.alert('Hello World!')" > tomcat 7.0.52 output: > <form onclick="window.alert('Hello 'World'!')" > data-test="window.alert(&#039;Hello 'World'!&#039;)" > data-test2="window.alert('Hello World!')" > > If there is EL used in dynamic attribute (data-test), non-EL part of that > attribute is escaped twice, EL part is escaped only once. Tomcat 7.0.47 > would escape everything just once. > Everything works as before if static attribute is used (onclick) or there is > no EL in dynamic attribute (data-test2). >
I prepared a reproducer and filed the following issue: https://issues.apache.org/bugzilla/show_bug.cgi?id=56265 Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org