According to JSP 2.0 specification (chapter 1.7 page 72,73) This code is illegal: <mytags:tag value="<%= "hi!" %>" /> Instead the correct sentence would be: <mytags:tag value='<%= "hi!" %>' /> <mytags:tag value="<%= \"hi!\" %>" /> <mytags:tag value='<%= \"name\" %>' /> ... But Tomcat 5.5 accept the first sentence. It's not a real bug but accepting a wrong sentence allow developpers to write code which does not respect the JSP specification. And when this code is executing in another servlet container (Websphere 6.1 for example) it doesn't work.
This has been fixed in trunk and proposed for 5.5.x and 6.0.x
This has been fixed in 6.0.x and will be in 6.0.17 onwards.
A quick note to anyone being bitten by this bug fix: you can easily search which of your JSPs (*.jsp*) need to be updated with the following regular expression (take a deep breath): <\w+:[^>]+="[^<"]*<%=[^%]*"|<\w+:[^>]+='[^<']*<%=[^%]*' Unfortunately, I haven't found a way to automatically fix JSPs, but at least you (hopefully) won't forget any!
This has been fixed in 5.5.x and will be included in 5.5.27 onwards.
Mark, I am using Tomcat 5.5.27 on Linux but still facing the problem. I am using c:ret tld and using following code in my abc.jsp, <c-rt:set var="currUrl" value="<%=request.getAttribute((String)pageContext.getAttribute("param")+"_Url")%>" /> While jsp compilation , I am getting following error, org.apache.jasper.JasperException: file:browser/abc.jsp(51,42) Attribute value request.getAttribute((String)pageContext.getAttribute("param")+"_Url") is quoted with " which must be escaped when used within the value. When I modify the code with escape character it works fine.This is my modified code, <c-rt:set var="currUrl" value="<%=request.getAttribute((String)pageContext.getAttribute(\"param\")+\"_Url\")%>" /> According to comment # 4 this issue is resolved. But I am not sure if it is resolved for Linux version of Tomcat 5.5.27 too. Let me know if you need more info on this. One quick question , Do I have to set any Tomcat JVM options to get rid of the issue temporarily??
I see the same issue for some files having nested quotes and dont see it for some other files having the same kind of nested quoting. The kind of quoting giving the problem is mentioned in my previous comment. But the following seam to the working. id="<%= c.var("ActivityBanner.Name") %><%= c.var("ActivityBanner.Index") %>" I don't see any particular standard way in which it fails. Both the cases i have used tomcat 5.5.27
Re comment 5, what you are seeing is the correct behaviour. The checking can be relaxed. See http://tomcat.apache.org/tomcat-5.5-doc/config/systemprops.html Re comment 6, that could be a bug. Can you provide the simplest complete JSP that demonstrates the issue please.
I have done some more testing and I can't repeat the issue reported in comment 6. If you still see it, please re-open this report and add the simplest JSP that demonstrates the issue.
Hi, I use apache-tomcat-6.0.18 with jdk1.5.0_13. Ant version is apache-ant-1.6.2. [b]While using ant to pre-compile JSPs, i get the error message related to quotes and compilation fails.[/b] See user list discussion http://mail-archives.apache.org/mod_mbox/tomcat-users/200810.mbox/%3C20D88322B9D55444A327FEB661C303900BD408E4@HYD-MDP-MBX01.wipro.com%3E I have tried all that i could (available in link above), but it seems it does not work without code changes. i.e. the System property is not effective for precompilation Please check if this is a bug as this is a blocker for us now?
Comment #9 is a question for the Tomcat users list, or possibly even the Ant users list.
Thanks to Cedric for the helpful regex. I've modified it a bit so it can actually be used to replace and fix (most) instances of this problem automatically. If you have an IDE that supports regex replace (I used IDEA), do a replace in path for this regex: (<\w+:(?:[^>]|<%=[^%]+%>)+=)"([^<"]*<%=[^%]*"[^%]*%>[^"]*)" For the replacement text, enter: $1'$2' Doing this was a necessity for me as I had to make thousands of changes to over 300 JSP files on the code base I'm working on. I have to say I think this should have been implemented as an opt-in fix via a config or something, rather than breaking backward compatibility for every tomcat user. Please be more careful in the future guys. We rely on you to not do things like this to us.
Ok. I guess I should have read this thread a little more carefully before spending hours fixing all this. So there is an opt-out for the strict parsing. http://tomcat.apache.org/tomcat-5.5-doc/config/systemprops.html Too late for me. Maybe it would be helpful to put something like "or disable strict quote checking" in the error message?
You can add this config option to the file "catalina.properties" which is in the directory of "%tomcat_home%/conf",as follows: org.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false And the problem will be resolved (In reply to comment #3) > A quick note to anyone being bitten by this bug fix: you can easily search > which of your JSPs (*.jsp*) need to be updated with the following regular > expression (take a deep breath): > > <\w+:[^>]+="[^<"]*<%=[^%]*"|<\w+:[^>]+='[^<']*<%=[^%]*' > > Unfortunately, I haven't found a way to automatically fix JSPs, but at least > you (hopefully) won't forget any!
Test in TC 6.0.26, the "strip quote escaping Parser" didn't work. -- JUST use this testing code <mytags:tag value="<%= "hi!" %>" /> -- I setup a jspc command line to debug the JspC -- Then I reaches this stack frames main@1, prio=5, in group 'main', status: 'RUNNING' at org.apache.jasper.compiler.AttributeParser.getUnquoted(AttributeParser.java:54) at org.apache.jasper.compiler.Parser.parseAttributeValue(Parser.java:249) at org.apache.jasper.compiler.Parser.parseAttribute(Parser.java:205) at org.apache.jasper.compiler.Parser.parseAttributes(Parser.java:148) at org.apache.jasper.compiler.Parser.parseCustomTag(Parser.java:1204) at org.apache.jasper.compiler.Parser.parseElementsScriptless(Parser.java:1467) at org.apache.jasper.compiler.Parser.parseElements(Parser.java:1385) at org.apache.jasper.compiler.Parser.parseBody(Parser.java:1630) at org.apache.jasper.compiler.Parser.parseOptionalBody(Parser.java:974) at org.apache.jasper.compiler.Parser.parseCustomTag(Parser.java:1242) at org.apache.jasper.compiler.Parser.parseElementsScriptless(Parser.java:1467) at org.apache.jasper.compiler.Parser.parseElements(Parser.java:1385) at org.apache.jasper.compiler.Parser.parseBody(Parser.java:1630) at org.apache.jasper.compiler.Parser.parseOptionalBody(Parser.java:974) at org.apache.jasper.compiler.Parser.parseCustomTag(Parser.java:1242) at org.apache.jasper.compiler.Parser.parseElementsScriptless(Parser.java:1467) at org.apache.jasper.compiler.Parser.parseElements(Parser.java:1385) at org.apache.jasper.compiler.Parser.parseBody(Parser.java:1630) at org.apache.jasper.compiler.Parser.parseOptionalBody(Parser.java:974) at org.apache.jasper.compiler.Parser.parseCustomTag(Parser.java:1242) at org.apache.jasper.compiler.Parser.parseElementsScriptless(Parser.java:1467) at org.apache.jasper.compiler.Parser.parseBody(Parser.java:1633) at org.apache.jasper.compiler.Parser.parseJspBody(Parser.java:1584) at org.apache.jasper.compiler.Parser.parseJspAttributeAndBody(Parser.java:1001) at org.apache.jasper.compiler.Parser.parseOptionalBody(Parser.java:972) at org.apache.jasper.compiler.Parser.parseCustomTag(Parser.java:1242) at org.apache.jasper.compiler.Parser.parseElements(Parser.java:1418) at org.apache.jasper.compiler.Parser.parse(Parser.java:130) at org.apache.jasper.compiler.ParserController.doParse(ParserController.java:255) at org.apache.jasper.compiler.ParserController.parse(ParserController.java:103) at org.apache.jasper.compiler.Compiler.generateJava(Compiler.java:185) at org.apache.jasper.compiler.Compiler.compile(Compiler.java:347) at org.apache.jasper.JspC.processFile(JspC.java:1182) at org.apache.jasper.JspC.execute(JspC.java:1331) at sun.reflect.NativeMethodAccessorImpl.invoke0(NativeMethodAccessorImpl.java:-1) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:105) at org.apache.tools.ant.TaskAdapter.execute(TaskAdapter.java:134) at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:288) at sun.reflect.NativeMethodAccessorImpl.invoke0(NativeMethodAccessorImpl.java:-1) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:105) at org.apache.tools.ant.Task.perform(Task.java:348) at org.apache.tools.ant.Target.execute(Target.java:357) at org.apache.tools.ant.Target.performTasks(Target.java:385) at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1329) at org.apache.tools.ant.Project.executeTarget(Project.java:1298) at org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExecutor.java:41) at org.apache.tools.ant.Project.executeTargets(Project.java:1181) at org.apache.tools.ant.Main.runBuild(Main.java:698) at org.apache.tools.ant.Main.startAnt(Main.java:199) at org.apache.tools.ant.launch.Launcher.run(Launcher.java:257) at org.apache.tools.ant.launch.Launcher.main(Launcher.java:104) -- In this frame: parseAttributeValue(Parser.java:249) - The method signature is: private String parseAttributeValue(String watch) throws JasperException We can see the parameter (watch)'s value is three characters: '%', '>', '"' So after this code fragment executed -> 245 char quote = 0; -> 246 if (watch.length() == 1) { -> 247 quote = watch.charAt(0); -> 248 } the "quote" variable is actually 0 so event the system property "org.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING" isn't set to "false" the strit parser didn't report for this problem -> (codes in org.apache.jasper.compiler.AttributeParser) -> 307 } else if (ch == quote && strict) { -> 308 String msg = Localizer.getMessage("jsp.error.attribute.noescape", -> 309 input, ""+ quote); -> 310 throw new IllegalArgumentException(msg); -> 311 } else { the line 307's condition should never be evaluated to "true"
Test this issue in 6.0.20, and it works. So there should be a regression between 6.0.21 and 6.0.26
Confirmed. I have a failing test case. I'll add that to trunk and then work on a fix.
This has been re-fixed in trunk and proposed for 6.0.x Moving to 6.0.x since the regression does not exist in 5.5.x
This has been fixed in 6.0.x and will be included in 6.0.27 onwards.
adding org.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false in catalina.properties worked for me Thanks to (In reply to comment #13) > You can add this config option to the file "catalina.properties" which is in > the directory of "%tomcat_home%/conf",as follows: > org.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false > And the problem will be resolved > (In reply to comment #3) > > A quick note to anyone being bitten by this bug fix: you can easily search > > which of your JSPs (*.jsp*) need to be updated with the following regular > > expression (take a deep breath): > > > > <\w+:[^>]+="[^<"]*<%=[^%]*"|<\w+:[^>]+='[^<']*<%=[^%]*' > > > > Unfortunately, I haven't found a way to automatically fix JSPs, but at least > > you (hopefully) won't forget any! Worked for me, thanks !!