Author: remy.maucherat(a)jboss.com Date: 2008-06-24 07:03:55 -0400 (Tue, 24 Jun 2008) New Revision: 683 Modified: trunk/java/org/apache/jasper/compiler/Parser.java trunk/java/org/apache/jasper/resources/LocalStrings.properties Log: - Raise an optional error for invalid quotes. Modified: trunk/java/org/apache/jasper/compiler/Parser.java =================================================================== --- trunk/java/org/apache/jasper/compiler/Parser.java 2008-06-24 05:37:06 UTC (rev 682) +++ trunk/java/org/apache/jasper/compiler/Parser.java 2008-06-24 11:03:55 UTC (rev 683) @@ -75,6 +75,11 @@ private static final String JAVAX_BODY_CONTENT_TEMPLATE_TEXT = "JAVAX_BODY_CONTENT_TEMPLATE_TEXT"; + private static final boolean STRICT_QUOTE_ESCAPING = Boolean.valueOf( + System.getProperty( + "org.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING", + "true")).booleanValue(); + /** * The constructor */ @@ -242,7 +247,8 @@ err.jspError(start, "jsp.error.attribute.unterminated", watch); } - String ret = parseQuoted(reader.getText(start, stop)); + String ret = parseQuoted(start, reader.getText(start, stop), + watch.charAt(watch.length() - 1)); if (watch.length() == 1) // quote return ret; @@ -255,7 +261,8 @@ * QuotedChar ::= ''' | '"' | '\\' | '\"' | "\'" | '\>' | '\$' | * Char */ - private String parseQuoted(String tx) { + private String parseQuoted(Mark start, String tx, char quote) + throws JasperException { StringBuffer buf = new StringBuffer(); int size = tx.length(); int i = 0; @@ -289,6 +296,10 @@ buf.append('\\'); ++i; } + } else if (ch == quote && STRICT_QUOTE_ESCAPING) { + // Unescaped quote character + err.jspError(start, "jsp.error.attribute.noescape", tx, + "" + quote); } else { buf.append(ch); ++i; Modified: trunk/java/org/apache/jasper/resources/LocalStrings.properties =================================================================== --- trunk/java/org/apache/jasper/resources/LocalStrings.properties 2008-06-24 05:37:06 UTC (rev 682) +++ trunk/java/org/apache/jasper/resources/LocalStrings.properties 2008-06-24 11:03:55 UTC (rev 683) @@ -327,6 +327,7 @@ jsp.error.attribute.noequal=equal symbol expected jsp.error.attribute.noquote=quote symbol expected jsp.error.attribute.unterminated=attribute for {0} is not properly terminated +jsp.error.attribute.noescape=Attribute value {0} is quoted with {1} which must be escaped when used within the value jsp.error.missing.tagInfo=TagInfo object for {0} is missing from TLD jsp.error.deferredmethodsignaturewithoutdeferredmethod=Cannot specify a method signature if 'deferredMethod' is not 'true' jsp.error.deferredvaluetypewithoutdeferredvalue=Cannot specify a value type if 'deferredValue' is not 'true'