Mantis Bugtracker
  

ID: 0001433
Category: [Resin]
Severity: major
Reproducibility: always
Date Submitted: 10-01-06 16:32
Last Update: 10-02-06 13:52
Reporter: ccwf
View Status: public
Assigned To: ferg
Priority: normal
Resolution: fixed
Status: closed
Product Version: 3.0.22
Summary: 0001433: multiple bugs with EL expression output in JSP document template data

Description:
Using expressions like

${'C'}a b c d e

and

${'}'}A B C

in template text in JSP documents (.jspx file) results in miscompiled .java source files in the work directory which have an extra, garbage character being output at the end of the directive.

The second example, a right curly brace inside a string literal, exhibits an additional bug: an escaped quote is output before the right curly brace. The spec says that ${'}'} should just output the right curly brace.

Finally, the results of the EL expressions in template text are XML-escaped, whereas the spec implies that they should be unescaped (and that <c:out> should be used to produce escaped text).

These bugs only affect EL expressions in template data (outside of actions) in JSP documents, not JSP pages.
Additional Information:
I can't seem to attach the JSP document, so here it is:

<?xml version="1.0"?>
<jsp:root version="2.0"
          xmlns:jsp="http://java.sun.com/JSP/Page">
    <jsp:directive.page contentType="text/plain"/>
    <jsp:scriptlet>
        response.addHeader("Cache-control", "no-cache");
        pageContext.setAttribute("testString", "-'-");
    </jsp:scriptlet>
    Extra character at end: ${'string'}a b c d e<jsp:text>
    Extra character at end: ${'C'}1 2 3 4 5</jsp:text><jsp:text>
    Character escaped: ${testString}1 2 3 4 5</jsp:text><jsp:text>
    Extra characters before { and at end: ${'}'}A B C</jsp:text>
</jsp:root>

When run on my test system, it results in the following output:

    Extra character at end: stringa b c d ec
    Extra character at end: C1 2 3 4 5c
    Character escaped: -&0000039;-1 2 3 4 5
    Extra characters before { and at end: &0000039;}A B C&0000034;
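
The quoting rule the description relies on, that a } inside a string literal does not end the ${...} expression, shown as an added Java example; it is not Resin's code and not part of the original report. The class and method names are hypothetical, and escaped \$ sequences in template text are not handled.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration, not Resin code: class and method names are hypothetical.
public class ElTemplateSplitter {
    /** Splits template text into literal runs and whole "${...}" expressions. */
    static List<String> split(String text) {
        List<String> out = new ArrayList<>();
        int literalStart = 0, i = 0;
        while (i < text.length()) {
            if (!text.startsWith("${", i)) { i++; continue; }
            int close = findClose(text, i + 2);
            if (close < 0) break; // unterminated expression: keep the rest as literal text
            if (i > literalStart) out.add(text.substring(literalStart, i));
            out.add(text.substring(i, close + 1)); // expression, wrapper included
            i = literalStart = close + 1;
        }
        if (literalStart < text.length()) out.add(text.substring(literalStart));
        return out;
    }

    /** Index of the '}' that ends the expression, skipping quoted string literals. */
    static int findClose(String text, int i) {
        for (; i < text.length(); i++) {
            char c = text.charAt(i);
            if (c == '}') return i;
            if (c != '\'' && c != '"') continue;
            for (i++; i < text.length() && text.charAt(i) != c; i++) {
                if (text.charAt(i) == '\\') i++; // skip the escaped character in the literal
            }
        }
        return -1; // no closing brace outside a string literal
    }

    public static void main(String[] args) {
        System.out.println(split("${'C'}a b c d e"));
        System.out.println(split("${'}'}A B C"));
    }
}
```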

- Notes
(0001555)
ccwf
10-01-06 16:35

Apologies for the duplicate issues: 1431 and 1432. Looks like Mantis opened issues despite the error message rejecting my attachment.
 
(0001556)
ccwf
10-01-06 18:46

Here are my horrible patches to JspContentHandler.java to deal with the three bugs above, but these are just hacks. Logging new String(buf, begin, length) near the start of the addText method shows that the extra character is present in the buffer passed into the method.

@@ -114,6 +119,7 @@
   private void addText(char []buf, int offset, int length)
     throws JspParseException
   {
+ boolean patched = false;
     int end = offset + length;
     int begin = offset;
 
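Review bot: the flag "patched" added at the top of addText is named after the workaround rather than what it tracks; a name such as trailingCharTrimmed, with a one-line comment saying it limits the later --end adjustment to a single time, would make the branches below readable. A comment is also needed that end may no longer equal offset + length once the flag is set.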
@@ -134,10 +140,18 @@
           if (buf[offset] == '\'') {
             for (offset++; offset < end && buf[offset] != '\''; offset++) {
             }
+ if (!patched) {
+ --end;
+ patched = true;
+ }
           }
           else if (buf[offset] == '"') {
             for (offset++; offset < end && buf[offset] != '"'; offset++) {
             }
+ if (!patched) {
+ --end;
+ patched = true;
+ }
           }
           else
             offset++;
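Review bot: both new "if (!patched)" blocks decrement end as soon as a quoted literal is seen, without checking that the buffer really carries an extra trailing character, so a correctly sized buffer would lose its last real character. Since the note above says the extra character is already present in the buffer passed into addText, the trim belongs in the caller that fills the buffer; if it stays here, move the duplicated block to a single place after the if/else chain.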
@@ -150,7 +164,8 @@
         QName qname = new QName("resin-c", "out", JspParser.JSTL_CORE_URI);
 
         _builder.startElement(qname);
- _builder.attribute(new QName("value"), value);
+ _builder.attribute(new QName("value"), value.replace("${'}'}", "}"));
+ _builder.attribute(new QName("escapeXml"), "false");
         _builder.endAttributes();
         _builder.endElement("resin-c:out");
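Review bot: the value.replace("${'}'}", "}") call on the value attribute matches only that exact spelling, so a double-quoted form or a } inside a longer literal is not covered; the brace handling should be fixed where the end of the expression is scanned rather than by string replacement on value. The added escapeXml attribute is set to "false" for every template-text expression, which changes output for pages that relied on the previous escaping, so it needs a comment citing the spec behaviour and a regression test with values containing markup characters.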
 
(0001557)
ferg
10-02-06 13:52

jsp/0380
 

- Issue History
Date Modified Username Field Change
10-01-06 16:32 ccwf New Issue
10-01-06 16:35 ccwf Note Added: 0001555
10-01-06 18:46 ccwf Note Added: 0001556
10-02-06 13:52 ferg Note Added: 0001557
10-02-06 13:52 ferg Assigned To  => ferg
10-02-06 13:52 ferg Status new => closed
10-02-06 13:52 ferg Resolution open => fixed
10-02-06 13:52 ferg Fixed in Version  => 3.0.22

