From: markt Date: Tue, 7 Oct 2008 19:10:51 +0000 (+0000) Subject: EG confirmed that attribute values should be fully escaped, including any EL. Note... X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=bec7d1956e43d4937215d2e9b4eac0ad8b8d0940;p=tomcat7.0 EG confirmed that attribute values should be fully escaped, including any EL. Note this does not fix bug 45451. git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@702587 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/java/org/apache/jasper/compiler/Parser.java b/java/org/apache/jasper/compiler/Parser.java index 0f1a39470..9cc97902b 100644 --- a/java/org/apache/jasper/compiler/Parser.java +++ b/java/org/apache/jasper/compiler/Parser.java @@ -265,7 +265,6 @@ class Parser implements TagConstants { private String parseQuoted(Mark start, String tx, char quote) throws JasperException { StringBuffer buf = new StringBuffer(); - boolean possibleEL = tx.contains("${"); int size = tx.length(); int i = 0; while (i < size) { @@ -287,20 +286,10 @@ class Parser implements TagConstants { } } else if (ch == '\\' && i + 1 < size) { ch = tx.charAt(i + 1); - if (ch == '\\' || ch == '\"' || ch == '\'') { - if (pageInfo.isELIgnored() || !possibleEL) { - // EL is not enabled or no chance of EL - // Unescape these now - buf.append(ch); - i += 2; - } else { - // EL is enabled and ${ appears in value - // EL processing will escape these - buf.append('\\'); - buf.append(ch); - i += 2; - } - } else if (ch == '>') { + if (ch == '\\' || ch == '\"' || ch == '\'' || (ch == '>')) { + // \ " and ' are always unescaped regardless of if they are + // or outside of an EL expression. JSP.1.6 takes precedence + // over JSP.1.3.10 (confirmed with EG) buf.append(ch); i += 2; } else {