2014-05-03 16:26 GMT+04:00 Vimil Saju <vimils...@yahoo.com>:
>>The rules:
>>http://tomcat.apache.org/lists.html#tomcat-users
>>6. Do not top-post
>>7. Do not use HTML e-mails
>>
>>As you can see from the above, from HTML point of view there is no difference.
>>
>>
>> onclick="clicked('Hello')">Hello</a>
>> </body>
>> </html>
>>
>> I was wondering why the single quotes are now being escaped in html output.
>>
>> Th
>>
>>
>>The change was intentional and is mentioned in changelog.
>>
>>
>>
>> 2) See 'Jasper' section of the changelog, starting with 7.0.43
>> http://tomcat.apache.org/bugreport.html#Changelog
>
> I am sorry about top posting, and using HTML.
> I did read the changelog and this change is mentioned, but there was no 
> explanation regarding why this change was required.

That boils down to what is written in JSP specification.

https://issues.apache.org/bugzilla/show_bug.cgi?id=55198#c5

Unfortunately fixing that issue was not as easy as it could be, with
followup fixes going into 7.0.50, 52, 53 and in upcoming 54.

> Currently we have Jmeter scripts that go through raw HTTP responses and check 
> for the presence of certain strings. These scripts started to fail after we 
> upgraded our tomcat, we have now modified our scripts to look for ' as well 
> as single quotes. I just wanted to know if there was a purpose for this 
> change, I mean was anything broken because single quotes were not escaped?


Single quotes inside of double quotes are not really broken, but we
are using a function that escapes all special chars (' " & <>)
regardless of context.

Best regards,
Konstantin Kolinko

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
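
An added example, not part of the thread and not Tomcat's code: a Python sketch of context-independent escaping applied to the `onclick` handler quoted above, showing why a raw-string check on the response fails after the upgrade while a check on the parsed document still passes. The numeric entity forms for the quotes, the sample markup and all function names are assumptions of this example.

```python
from html.parser import HTMLParser

# The five characters the reply lists: ' " & < >. The entity chosen for each
# quote is an assumption; the thread does not show Tomcat's exact output.
ESCAPES = {"&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&#034;", "'": "&#039;"}


def escape_all(text):
    """Escape every special character, regardless of where the value is used."""
    return "".join(ESCAPES.get(ch, ch) for ch in text)


class _Collector(HTMLParser):
    """Collects decoded values of one attribute plus the page's text nodes."""

    def __init__(self, attr):
        super().__init__(convert_charrefs=True)
        self.attr, self.values, self.text = attr, [], []

    def handle_starttag(self, tag, attrs):
        # HTMLParser hands over attribute values with entities already decoded.
        self.values += [v for k, v in attrs if k == self.attr and v is not None]

    def handle_data(self, data):
        self.text.append(data)


def parsed_view(body, attr):
    """What an HTML parser (and so a browser) sees: attribute values and text."""
    p = _Collector(attr)
    p.feed(body)
    p.close()
    return p.values, "".join(p.text).strip()


# Constructed sample responses: the same page before and after the upgrade.
HANDLER = "clicked('Hello')"
PAGE = '<html><body><a onclick="%s">Hello</a></body></html>'
BEFORE = PAGE % HANDLER
AFTER = PAGE % escape_all(HANDLER)


def raw_check(body):
    """Brittle: matches bytes on the wire, so it depends on the escaping used."""
    return HANDLER in body


def parsed_check(body):
    """Robust: compares the decoded attribute value, as the browser would."""
    return HANDLER in parsed_view(body, "onclick")[0]
```
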
