From f6e3856f873589bdfac06c6c166438b784012189 Mon Sep 17 00:00:00 2001 From: markt Date: Sun, 10 Apr 2011 10:35:55 +0000 Subject: [PATCH] Check tag file attribute names are valid Java identifiers git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1090766 13f79535-47bb-0310-9956-ffa450edef68 --- java/org/apache/jasper/compiler/JspUtil.java | 25 ++++++++++++++++++++++ java/org/apache/jasper/compiler/Parser.java | 12 +++++++++++ .../jasper/resources/LocalStrings.properties | 2 ++ webapps/docs/changelog.xml | 4 ++++ 4 files changed, 43 insertions(+) diff --git a/java/org/apache/jasper/compiler/JspUtil.java b/java/org/apache/jasper/compiler/JspUtil.java index 7d693cc75..d7b171f18 100644 --- a/java/org/apache/jasper/compiler/JspUtil.java +++ b/java/org/apache/jasper/compiler/JspUtil.java @@ -858,6 +858,31 @@ public class JspUtil { return false; } + public static boolean isJavaIdentifier(String key) { + // Should not be the case but check to be sure + if (key == null || key.length() == 0) { + return false; + } + + if (isJavaKeyword(key)) { + return false; + } + + // Check the start character that has more restrictions + if (!Character.isJavaIdentifierStart(key.charAt(0))) { + return false; + } + + // Check each remaining character used is permitted + for (int idx = 1; idx < key.length(); idx++) { + if (!Character.isJavaIdentifierPart(key.charAt(idx))) { + return false; + } + } + + return true; + } + static InputStreamReader getReader(String fname, String encoding, JarFile jarFile, JspCompilationContext ctxt, ErrorDispatcher err) throws JasperException, IOException { diff --git a/java/org/apache/jasper/compiler/Parser.java b/java/org/apache/jasper/compiler/Parser.java index d7be14c01..2abcece40 100644 --- a/java/org/apache/jasper/compiler/Parser.java +++ b/java/org/apache/jasper/compiler/Parser.java @@ -593,6 +593,18 @@ class Parser implements TagConstants { */ private void parseAttributeDirective(Node parent) throws JasperException { Attributes attrs = parseAttributes(); + // JSP.8.3 says the variable created for each attribute must have the + // same name as the attribute. Therefore, the names must be valid Java + // identifiers + if (attrs != null && attrs.getLength() > 0) { + for (int i = 0; i < attrs.getLength(); i++) { + if ("name".equals(attrs.getLocalName(i)) && + !JspUtil.isJavaIdentifier(attrs.getValue(i))) { + err.jspError(start, "jsp.error.identifier", + attrs.getValue(i)); + } + } + } new Node.AttributeDirective(attrs, start, parent); } diff --git a/java/org/apache/jasper/resources/LocalStrings.properties b/java/org/apache/jasper/resources/LocalStrings.properties index 33121f8a4..c2ffcfe61 100644 --- a/java/org/apache/jasper/resources/LocalStrings.properties +++ b/java/org/apache/jasper/resources/LocalStrings.properties @@ -486,4 +486,6 @@ jsp.message.jsp_removed_excess=Removing excess JSP for path [{0}] from queue of jsp.message.jsp_removed_idle=Removing idle JSP for path [{0}] in context [{1}] after {2} seconds"); jsp.message.jsp_unload_check=Checking JSPs for unload in context [{0}], JSP count: {1} queue length: {2} +jsp.error.identifier=The attribute name [{0}] is invalid since it is not a valid Java identifier + xmlParser.skipBomFail=Failed to skip BOM when parsing XML input stream diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 19474d821..2acfb7a4f 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -77,6 +77,10 @@ Label JSP/tag file line and column numbers when reporting errors since it may not be immediately obvious what the numbers represent. (markt) + + 36362: Check that tag file attribute names are valid Java + identifiers. (markt) + -- 2.11.0