Bug 44392

Summary: HTML entities not resolved in SSI filter
Product: Tomcat 6 Reporter: Konrad Windszus <konrad_w>
Component: CatalinaAssignee: Tomcat Developers Mailing List <dev>
Status: RESOLVED FIXED    
Severity: normal    
Priority: P2    
Version: 6.0.14   
Target Milestone: default   
Hardware: Other   
OS: other   

Description Konrad Windszus 2008-02-11 05:37:37 UTC 
HTML entities which are contained in an SSI set directive aren't resolved by the
SSI filter (in contrary to what is done by mod_include of Apaches HTTP).

mod_include resolves all HTML entities in most of the attribute values of ssi
directives. It also resolves \" to " and \$ to $.

The ssi filter of tomcat resolves all escaped character which are escaped with a
backslash, but no HTML entities at all.

Apart from that, giving encoding "entity" should be different from giving
encoding="none" to the SSI echo directive. One should replace all invalid HTML
characters by valid HTML entities and the other one should do nothing.

The encoding is especially important if you wan't to store a HTML-Comment within
a SSI variable.

If I want to store a variable test with the value "<!-- testvalue "x" -->"


<!--#set var="test" value="<!-- testvalue "x" -->"-->

for mod_include you must write:

<!--#set var="test" value="<!&#45;&#45; testvalue \"x\" &#45;&#45;>" -->

for Tomcats SSI you must write:

<!--#set var="test" value="<!\-\- testvalue \"x\" \-\->" -->

And there should be a difference whether I output this variable with
<!--#echo var="test" encoding="none" -->  
which should lead to <!-- testvalue "x" -->, or
<!--#echo var="test" encoding="entity" -->
which should lead to &lt;!-- testvalue &quot;x&quot; --&gt;
Comment 1 Mark Thomas 2008-04-11 13:11:57 UTC 
This has been fixed in trunk and proposed for 6.0.x.
Comment 2 Mark Thomas 2008-04-17 10:44:47 UTC 
The patch has been applied to 6.0.x and will be in 6.0.17 onwards.