From 32a7be93808bf56fb2d19b7a588b04a70ef0af2b Mon Sep 17 00:00:00 2001 From: markt Date: Sun, 31 Jan 2010 01:40:39 +0000 Subject: [PATCH] Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=48627 Don't convert literal attribute values to EL since attributes may not accept EL git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@904949 13f79535-47bb-0310-9956-ffa450edef68 --- .../apache/jasper/compiler/AttributeParser.java | 52 +++++++++++++++------- java/org/apache/jasper/compiler/Parser.java | 3 +- .../jasper/compiler/TestAttributeParser.java | 6 ++- 3 files changed, 42 insertions(+), 19 deletions(-) diff --git a/java/org/apache/jasper/compiler/AttributeParser.java b/java/org/apache/jasper/compiler/AttributeParser.java index ca99e862f..87a63f894 100644 --- a/java/org/apache/jasper/compiler/AttributeParser.java +++ b/java/org/apache/jasper/compiler/AttributeParser.java @@ -43,13 +43,16 @@ public class AttributeParser { * scripting expressions. * @param isELIgnored Is expression language being ignored on the page * where the JSP attribute is defined. + * @param isDeferredSyntaxAllowedAsLiteral + * Are deferred expressions treated as literals? * @return An unquoted JSP attribute that, if it contains * expression language can be safely passed to the EL * processor without fear of ambiguity. */ public static String getUnquoted(String input, char quote, - boolean isELIgnored) { + boolean isELIgnored, boolean isDeferredSyntaxAllowedAsLiteral) { return (new AttributeParser(input, quote, isELIgnored, + isDeferredSyntaxAllowedAsLiteral, STRICT_QUOTE_ESCAPING)).getUnquoted(); } 
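Review bot: The new `@param isDeferredSyntaxAllowedAsLiteral` text on the public `getUnquoted` (hunk `@@ -43,13 +43,16 @@`) only restates the parameter name, and the same wording is repeated on the protected overload in `@@ -62,15 +65,18 @@`. As far as the later hunks show, passing `true` stops `\#` from being consumed as an escape and stops `#{` from selecting deferred-expression handling, which is what a caller needs to know when reasoning about which attribute text can reach the EL processor. I would write it as `@param isDeferredSyntaxAllowedAsLiteral true if #{ is literal text on this page; \# is then not an escape and # never starts an expression`. Both method bodies are complete within their hunks.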
@@ -62,15 +65,18 @@ public class AttributeParser { * scripting expressions. * @param isELIgnored Is expression language being ignored on the page * where the JSP attribute is defined. + * @param isDeferredSyntaxAllowedAsLiteral + * Are deferred expressions treated as literals? * @param strict The value to use for STRICT_QUOTE_ESCAPING. * @return An unquoted JSP attribute that, if it contains * expression language can be safely passed to the EL * processor without fear of ambiguity. */ protected static String getUnquoted(String input, char quote, - boolean isELIgnored, boolean strict) { + boolean isELIgnored, boolean isDeferredSyntaxAllowedAsLiteral, + boolean strict) { return (new AttributeParser(input, quote, isELIgnored, - strict)).getUnquoted(); + isDeferredSyntaxAllowedAsLiteral, strict)).getUnquoted(); } /* The quoted input string. */ @@ -83,6 +89,9 @@ public class AttributeParser { * treated as literals rather than quoted values. */ private final boolean isELIgnored; + /* Are deferred expression treated as literals */ + private final boolean isDeferredSyntaxAllowedAsLiteral; + /* Overrides the STRICT_QUOTE_ESCAPING. Used for Unit tests only. */ private final boolean strict; @@ -109,12 +118,15 @@ public class AttributeParser { * @param strict */ private AttributeParser(String input, char quote, - boolean isELIgnored, boolean strict) { + boolean isELIgnored, boolean isDeferredSyntaxAllowedAsLiteral, + boolean strict) { this.input = input; this.quote = quote; // If quote is null this is a scriptign expressions and any EL syntax // should be ignored this.isELIgnored = isELIgnored || (quote == 0); + this.isDeferredSyntaxAllowedAsLiteral = + isDeferredSyntaxAllowedAsLiteral; this.strict = strict; this.type = getType(input); this.size = input.length(); 
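Review bot: In the constructor hunk (`@@ -109,12 +118,15 @@`) the new field must be assigned before `this.type = getType(input)`, because the last hunk of this file (apparently the body of `getType`) now reads `isDeferredSyntaxAllowedAsLiteral`. If the assignment were moved below that call, the method would silently see the default `false`, since reading a final field through a method call is not rejected by the compiler. A comment such as `// must be set before getType(input), which reads this field` above the assignment would protect the ordering; passing the flag to `getType` as an argument would remove the dependency. The constructor Javadoc that ends at `@param strict` also gains no entry for the new parameter. The constructor body continues past the end of the hunk.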
@@ -151,22 +163,27 @@ public class AttributeParser { char ch = nextChar(); if (!isELIgnored && ch == '\\') { if (type == 0) { - type = '$'; + result.append("\\"); + } else { + result.append(type); + result.append("{'\\\\'}"); } - result.append(type); - result.append("{'\\\\'}"); } else if (!isELIgnored && ch == '$' && lastChEscaped){ if (type == 0) { - type = '$'; + result.append("\\$"); + } else { + result.append(type); + result.append("{'$'}"); } - result.append(type); - result.append("{'$'}"); } else if (!isELIgnored && ch == '#' && lastChEscaped){ + // Note if isDeferredSyntaxAllowedAsLiteral==true, \# will + // not be treated as an escape if (type == 0) { - type = '$'; + result.append("\\#"); + } else { + result.append(type); + result.append("{'#'}"); } - result.append(type); - result.append("{'#'}"); } else if (ch == type){ if (i < size) { char next = input.charAt(i); @@ -261,7 +278,10 @@ public class AttributeParser { } else if (ch == '\\' && i + 1 < size) { ch = input.charAt(i + 1); if (ch == '\\' || ch == '\"' || ch == '\'' || - (!isELIgnored && (ch == '$' || ch == '#'))) { + (!isELIgnored && + (ch == '$' || + (!isDeferredSyntaxAllowedAsLiteral && + ch == '#')))) { i += 2; lastChEscaped = true; } else { @@ -311,13 +331,13 @@ public class AttributeParser { int j = 0; int len = value.length(); char current; - + while (j < len) { current = value.charAt(j); if (current == '\\') { // Escape character - skip a character j++; - } else if (current == '#') { + } else if (current == '#' && !isDeferredSyntaxAllowedAsLiteral) { if (j < (len -1) && value.charAt(j + 1) == '{') { return '#'; } diff --git a/java/org/apache/jasper/compiler/Parser.java b/java/org/apache/jasper/compiler/Parser.java index 2fd555ded..c6349e740 100644 --- a/java/org/apache/jasper/compiler/Parser.java +++ b/java/org/apache/jasper/compiler/Parser.java 
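Review bot: The three `type == 0` branches in `@@ -151,22 +163,27 @@` emit text that is not one-to-one with the input: a backslash is written once whether or not it was escaped, while an escaped `$` or `#` is written as `\$` or `\#`. Assuming the fall-through branch outside the hunk copies an unescaped `$` unchanged, the JSP inputs `\\$` and `\$` would both come out as `\$`. A literal backslash followed by an escaped `$` would come out as `\\$`, so the code that consumes this string must agree exactly on how backslashes are read, or literal text could be taken for an expression. Please state the output contract for literals next to these branches, for example `// literal value: \$ and \# stay escaped for the later EL-aware pass; a backslash is emitted once`, and add a test that pins those inputs. The enclosing method starts and ends outside the hunk.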
@@ -249,7 +249,8 @@ class Parser implements TagConstants { quote = watch.charAt(0); } ret = AttributeParser.getUnquoted(reader.getText(start, stop), - quote, pageInfo.isELIgnored()); + quote, pageInfo.isELIgnored(), + pageInfo.isDeferredSyntaxAllowedAsLiteral()); } catch (IllegalArgumentException iae) { err.jspError(start, iae.getMessage()); } diff --git a/test/org/apache/jasper/compiler/TestAttributeParser.java b/test/org/apache/jasper/compiler/TestAttributeParser.java index 650c5bfad..3e806e658 100644 --- a/test/org/apache/jasper/compiler/TestAttributeParser.java +++ b/test/org/apache/jasper/compiler/TestAttributeParser.java @@ -150,13 +150,15 @@ public class TestAttributeParser extends TestCase { ctx.setFunctionMapper(new FMapper()); ExpressionFactoryImpl exprFactory = new ExpressionFactoryImpl(); ValueExpression ve = exprFactory.createValueExpression(ctx, - AttributeParser.getUnquoted(expression, quote, false, false), + AttributeParser.getUnquoted(expression, quote, false, false, + false), String.class); return (String) ve.getValue(ctx); } private String parseScriptExpression(String expression, char quote) { - return AttributeParser.getUnquoted(expression, quote, false, false); + return AttributeParser.getUnquoted(expression, quote, false, false, + false); } public static class FMapper extends FunctionMapper { -- 2.11.0
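Review bot: Both call sites in the `TestAttributeParser` hunk (`@@ -150,13 +150,15 @@`) pass `false` for the new argument, so nothing in the test helpers exercises `isDeferredSyntaxAllowedAsLiteral == true`. As far as this hunk shows, no case is added for the rewritten literal (`type == 0`) branches either. Since the fix is about keeping literal attribute text away from EL evaluation, a regression test should pin that behaviour. Call the five-argument overload with `true` on a value containing `\#` and `#{`, and with `false` on literals containing `\$`, `\#` and `\\`, asserting the exact returned string in each case. Both helper methods are complete within the hunk; the class continues outside it.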