Anonymous | Login | Signup for a new account | 12-17-2024 10:47 PST |
Main | My View | View Issues | Change Log | Docs |
Viewing Issue Advanced Details [ Jump to Notes ] | [ View Simple ] [ Issue History ] [ Print ] | ||||||||
ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||||
0003976 | [Resin] | minor | always | 03-31-10 12:52 | 04-02-10 12:19 | ||||
Reporter | ferg | View Status | public | ||||||
Assigned To | ferg | ||||||||
Priority | normal | Resolution | fixed | Platform | |||||
Status | closed | OS | |||||||
Projection | none | OS Version | |||||||
ETA | none | Fixed in Version | 4.0.6 | Product Version | |||||
Product Build | |||||||||
Summary | 0003976: jsp:param behavior change in 4.0.5 | ||||||||
Description |
(rep by Aaron Freeman) We are experiencing a fundamental change in how data is being passed as a jsp:param between 3.0.22 and 4.0.5. We need to know if this change is intentional as it has a work-heavy impact on converting our code base over which currently relies on the behavior of 3.0.x. It appears that a call to jsp:include was automatically URL decoding any strings that were passed in, and that that behavior has changed. I have included source to two files that will demonstrate the behavior change (in case it's not intentional). And here are the results of running it: ---- on resin-pro-3.0.22 ---- URL encoded before pass to jsp:include: Test%3A+1+%3C+2+and+width%3D%22100%25%22+and+ampersand%3D%26. Test: 1 < 2 and width="100ďand ampersand= Here it is as seen inside of test-process.jsp: Test: 1 < 2 and width="100%" and ampersand=&. ---- on resin-pro-4.0.5 ---- URL encoded before pass to jsp:include: Test%3A+1+%3C+2+and+width%3D%22100%25%22+and+ampersand%3D%26. Test: 1 < 2 and width="100ďand ampersand= Here it is as seen inside of test-process.jsp: Test:+1+<+2+and+width="100%"+and+ampersand=&. <%----- BEGIN test.jsp -----%> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" [^] prefix="c" %> <%@ taglib uri="http://www.sendthisfile.com/taglib/httputil" [^] prefix="httputil" %> <c:if test="${!empty param.textarea}"> textarea param exists: ${param.textarea} <c:set var="textareaUrlEncodedBefore" value="${httputil:urlEncode(param.textarea)}"/> URL encoded before pass to jsp:include: ${textareaUrlEncodedBefore} </c:if> <%-- Set some requestscope variable in test.jsp --%> <jsp:include page="/test-process.jsp"> <jsp:param name="textarea" value="${param.textarea}"/> <jsp:param name="textareaUrlEncoded" value="${textareaUrlEncodedBefore}"/> </jsp:include> <form action="/test.jsp"> <textarea name="textarea">${requestScope.processedTextarea}</textarea> <input type="submit"></input> </form> <c:if test="${!empty requestScope.urlEncoded}"> Here it is as seen inside of test-process.jsp: ${requestScope.urlEncoded} </c:if> <%----- END test.jsp -----%> <%----- BEGIN test-process.jsp -----%> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" [^] prefix="c" %> <c:choose> <c:when test="${empty param.textarea}"> <c:set var="processedTextarea" scope="request">Test: 1 < 2 and width="100%" and ampersand=&.</c:set> </c:when> <c:otherwise> <c:set var="processedTextarea" scope="request">${param.textarea}</c:set> </c:otherwise> </c:choose> <c:set var="urlEncoded" scope="request">${param.textareaUrlEncoded}</c:set> <%----- END test-process.jsp -----%> Thanks for your thoughts on this, |
||||||||
Steps To Reproduce | |||||||||
Additional Information | |||||||||
Attached Files | |||||||||
|
Notes | |
(0004515) ferg 04-02-10 12:19 |
jsp/15n3 Even with the fix, though, Resin is responsible for any encoding, not the application. So it's incorrect to escape the content before sending it to Resin. |
Mantis 1.0.0rc3[^]
Copyright © 2000 - 2005 Mantis Group
28 total queries executed. 25 unique queries executed. |