TC 5.5.27 upgrade JSP tag attribute quoting

While it makes sense, I was just checking to see if upgrading from
Tomcat 5.5.26 to 5.5.27, not thinking such an upgrade would require JSP
source code changes, will hold true going forward with subsequent Tomcat
releases.

We have a few places where JSP tag attribute values have Java code that
itself contains double quotes, such as:

<tt:mytag value="<%=("field"+i)%>"/>
or
<tt:mytag value="<%=bean.get("name")%>"/>

In 5.5.26, this compiled okay, but in 5.5.27, it results in an error like:

org.apache.jasper.JasperException: /app/mypage.jsp(43,21) Attribute value ("field"+i) is quoted with " which must be escaped when used within the value
        org.apache.jasper.compiler.DefaultErrorHandler.jspError(DefaultErrorHandler.java:40)


It does make some sense, yet it worked fine for years.  Is this
something that will be true going forward with Tomcat releases, or is
this some sort of "bug" that was introduced in 5.5.27?  It is only
interesting because even the error message shows it parses the attribute
value correctly.

Thanks,
David


---------------------------------------------------------------------
To start a new topic, e-mail: [hidden email]
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

David Wall wrote:
Versions prior to 5.5.27 did not enforce the quoting requirements of the
JSP spec. This was fixed in 5.5.27. You can disable this behaviour. See
http://tomcat.apache.org/tomcat-5.5-doc/config/systemprops.html and look
for STRICT_QUOTE_ESCAPING.

Mark


---------------------------------------------------------------------
To start a new topic, e-mail: [hidden email]
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

In the file Tomcat 5.5\conf\catalina.properties I simply added this line:

org.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false

To get rid of the jasper double quotes error.

Thanks for the link Mark.It was useful.

-LS