| Anonymous | Login | Signup for a new account | 04-18-2024 19:49 PDT |
| Main | My View | View Issues | Change Log | Docs |
| Viewing Issue Simple Details [ Jump to Notes ] | [ View Advanced ] [ Issue History ] [ Print ] | ||||||||
| ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||||
| 0003976 | [Resin] | minor | always | 03-01-10 12:52 | 04-02-10 12:19 | ||||
| Reporter | ferg | View Status | public | ||||||
| Assigned To | ferg | ||||||||
| Priority | normal | Resolution | fixed | ||||||
| Status | closed | Product Version | |||||||
| Summary | 0003976: jsp:param behavior change in 4.0.5 | ||||||||
| Description |
(rep by Aaron Freeman) We are experiencing a fundamental change in how data is being passed as a jsp:param between 3.0.22 and 4.0.5. We need to know if this change is intentional as it has a work-heavy impact on converting our code base over which currently relies on the behavior of 3.0.x. It appears that a call to jsp:include was automatically URL decoding any strings that were passed in, and that that behavior has changed. I have included source to two files that will demonstrate the behavior change (in case it's not intentional). And here are the results of running it: ---- on resin-pro-3.0.22 ---- URL encoded before pass to jsp:include: Test%3A+1+%3C+2+and+width%3D%22100%25%22+and+ampersand%3D%26. Test: 1 < 2 and width="100ďand ampersand= Here it is as seen inside of test-process.jsp: Test: 1 < 2 and width="100%" and ampersand=&. ---- on resin-pro-4.0.5 ---- URL encoded before pass to jsp:include: Test%3A+1+%3C+2+and+width%3D%22100%25%22+and+ampersand%3D%26. Test: 1 < 2 and width="100ďand ampersand= Here it is as seen inside of test-process.jsp: Test:+1+<+2+and+width="100%"+and+ampersand=&. <%----- BEGIN test.jsp -----%> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" [^] prefix="c" %> <%@ taglib uri="http://www.sendthisfile.com/taglib/httputil" [^] prefix="httputil" %> <c:if test="${!empty param.textarea}"> textarea param exists: ${param.textarea} <c:set var="textareaUrlEncodedBefore" value="${httputil:urlEncode(param.textarea)}"/> URL encoded before pass to jsp:include: ${textareaUrlEncodedBefore} </c:if> <%-- Set some requestscope variable in test.jsp --%> <jsp:include page="/test-process.jsp"> <jsp:param name="textarea" value="${param.textarea}"/> <jsp:param name="textareaUrlEncoded" value="${textareaUrlEncodedBefore}"/> </jsp:include> <form action="/test.jsp"> <textarea name="textarea">${requestScope.processedTextarea}</textarea> <input type="submit"></input> </form> <c:if test="${!empty requestScope.urlEncoded}"> Here it is as seen inside of test-process.jsp: ${requestScope.urlEncoded} </c:if> <%----- END test.jsp -----%> <%----- BEGIN test-process.jsp -----%> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" [^] prefix="c" %> <c:choose> <c:when test="${empty param.textarea}"> <c:set var="processedTextarea" scope="request">Test: 1 < 2 and width="100%" and ampersand=&.</c:set> </c:when> <c:otherwise> <c:set var="processedTextarea" scope="request">${param.textarea}</c:set> </c:otherwise> </c:choose> <c:set var="urlEncoded" scope="request">${param.textareaUrlEncoded}</c:set> <%----- END test-process.jsp -----%> Thanks for your thoughts on this, |
||||||||
| Additional Information | |||||||||
| Attached Files | |||||||||
|
|
|||||||||
 Relationships |
|
|
Notes |
|
|
(0004515) ferg 04-02-10 12:19 |
jsp/15n3 Even with the fix, though, Resin is responsible for any encoding, not the application. So it's incorrect to escape the content before sending it to Resin. |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 03-01-10 12:52 | ferg | New Issue | |
| 04-02-10 12:19 | ferg | Note Added: 0004515 | |
| 04-02-10 12:19 | ferg | Assigned To | => ferg |
| 04-02-10 12:19 | ferg | Status | new => closed |
| 04-02-10 12:19 | ferg | Resolution | open => fixed |
| 04-02-10 12:19 | ferg | Fixed in Version | => 4.0.6 |
| Mantis 1.0.0rc3[^]
Copyright © 2000 - 2005 Mantis Group
28 total queries executed. 25 unique queries executed. |  |
