Hi,
I have several custom jspx tags with dynamic attributes that worked well
up to Tomcat 7.0.47, but they do not work properly on Tomcat 7.0.52.
Same problems occur also when using Spring form tags (I suspect that
other libraries would have same problem, but I didn't test them).
sample (data-test[2] is dynamic attribute, onclick is static):
<c:set var="world" value="'World'"></c:set>
<sf:form onclick="window.alert('Hello ${world}!')"
data-test="window.alert('Hello ${world}!')"
data-test2="window.alert('Hello World!')"
tomcat 7.0.47 output:
<form onclick="window.alert('Hello 'World'!')"
data-test="window.alert('Hello 'World'!')"
data-test2="window.alert('Hello World!')"
tomcat 7.0.52 output:
<form onclick="window.alert('Hello 'World'!')"
data-test="window.alert(&#039;Hello
'World'!&#039;)"
data-test2="window.alert('Hello World!')"
If there is EL used in dynamic attribute (data-test), non-EL part of
that attribute is escaped twice, EL part is escaped only once. Tomcat
7.0.47 would escape everything just once.
Everything works as before if static attribute is used (onclick) or
there is no EL in dynamic attribute (data-test2).
I strongly suspect, that this is caused by this fix:
https://issues.apache.org/bugzilla/show_bug.cgi?id=55735, but I don't
understand why using EL should cause double escaping of the rest of
attribute value. Is it bug?
Lukas Zboron
