Mantis - Resin
Viewing Issue Advanced Details
1433 major always 10-02-06 16:32 10-03-06 13:52
ccwf  
ferg  
normal  
closed 3.0.22  
fixed  
none    
none 3.0.22  
0001433: multiple bugs with EL expression output in JSP document template data
Using expressions like

${'C'}a b c d e

and

${'}'}A B C

in template text in JSP documents (.jspx file) results in miscompiled .java source files in the work directory which have an extra, garbage character being output at the end of the directive.

The second example, a right curly brace inside a string literal exhibits an additional bug: an escaped quote is output before the right curly brace. The spec says that ${'}'} should just output the right curly brace.

Finally, the results of the EL expressions in template text are XML-escaped, whereas the spec implies that they should be unescaped (and that <c:out> should be used to produce escaped text).

These bugs only affect EL expressions in template data (outside of actions) in JSP documents, not JSP pages.
I can't seem to attach the JSP document, so here it is:

<?xml version="1.0"?>
<jsp:root version="2.0"
          xmlns:jsp="http://java.sun.com/JSP/Page"> [^]
    <jsp:directive.page contentType="text/plain"/>
    <jsp:scriptlet>
        response.addHeader("Cache-control", "no-cache");
        pageContext.setAttribute("testString", "-'-");
    </jsp:scriptlet>
    Extra character at end: ${'string'}a b c d e<jsp:text>
    Extra character at end: ${'C'}1 2 3 4 5</jsp:text><jsp:text>
    Character escaped: ${testString}1 2 3 4 5</jsp:text><jsp:text>
    Extra characters before { and at end: ${'}'}A B C</jsp:text>
</jsp:root>

When run on my test system, it results in the following output:

    Extra character at end: stringa b c d ec
    Extra character at end: C1 2 3 4 5c
    Character escaped: -&0000039;-1 2 3 4 5
    Extra characters before { and at end: &0000039;}A B C&0000034;

Notes
(0001555)
ccwf   
10-02-06 16:35   
Apologies for the duplicate issues: 1431 and 1432. Looks like Mantis opened issues despite the error message rejecting my attachment.
(0001556)
ccwf   
10-02-06 18:46   
Here are my horrible patches to JspContentHandler.java to deal with the three bugs above, but these are just hacks. Logging new String(buf, begin, length) near the start of the addText method shows that the extra character is present in the buffer passed into the method.

@@ -114,6 +119,7 @@
   private void addText(char []buf, int offset, int length)
     throws JspParseException
   {
+ boolean patched = false;
     int end = offset + length;
     int begin = offset;
 
@@ -134,10 +140,18 @@
           if (buf[offset] == '\'') {
             for (offset++; offset < end && buf[offset] != '\''; offset++) {
             }
+ if (!patched) {
+ --end;
+ patched = true;
+ }
           }
           else if (buf[offset] == '"') {
             for (offset++; offset < end && buf[offset] != '"'; offset++) {
             }
+ if (!patched) {
+ --end;
+ patched = true;
+ }
           }
           else
             offset++;
@@ -150,7 +164,8 @@
         QName qname = new QName("resin-c", "out", JspParser.JSTL_CORE_URI);
 
         _builder.startElement(qname);
- _builder.attribute(new QName("value"), value);
+ _builder.attribute(new QName("value"), value.replace("${'}'}", "}"));
+ _builder.attribute(new QName("escapeXml"), "false");
         _builder.endAttributes();
         _builder.endElement("resin-c:out");
(0001557)
ferg   
10-03-06 13:52   
jsp/0380