Summary: | Malformed contentType attribute results in two charset values | ||
---|---|---|---|
Product: | Tomcat 7 | Reporter: | Konstantin Kolinko <knst.kolinko> |
Component: | Catalina | Assignee: | Tomcat Developers Mailing List <dev> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | P2 | ||
Version: | 7.0.27 | ||
Target Milestone: | --- | ||
Hardware: | PC | ||
OS: | Windows XP |
Description
Konstantin Kolinko
2012-06-03 17:55:37 UTC
> With current Tomcat 7.0 (7.0.23)
I meant 7.0.27. The issue is reproducible with 7.0.27 release and with current trunk of 7.0.x.
At one level, this is just a case of "garbage in, garbage out" with current 7.0.x producing different garbage that 6.0.x for the same input. Granted, the 7.0.x garbage is likely to cause more problems for clients. Digging a little deeper, it appears that Jasper is making the same error as the root cause of bug 52811, namely using contentType.indexOf("charset=") < 0. That is probably more forgivable in Jasper than it was in Tomcat. I'll see if I can configure the parser to handle parameters of the form "name" rather than "name=value". That should make Tomcat a little more robust against this sort of input. Since the input is invalid, the specs don't say how this should be handled so we have a little latitude here. Fixed in trunk and 7.0.x and will be included in 7.0.28 onwards. Invalid parameters in the content-type header value will now be ignored. The resulting header for 7.0.x of the input above is: Content-Type header: text/html;charset=UTF-8 |