Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
1.0.1-rc2
-
None
Description
On line 36 of introduction.jsp in the test suite a " exists inside of a tag attribute:
<portlet:actionURL secure="<%=renderRequest.isSecure()?"True":"False"%>" var="url">
This causes the WebLogic JSP parser to fail.
--------------------------------------------------------------------------------
Quoting is described in section 1.6 of the jsp spec:
Quotation is done consistently regardless of whether the attribute value is a literal or a request-time attribute expression. Quoting can be used in attribute values regardless of whether they are delimited using single or double quotes. It is only required as described below.
A ‘ is quoted as \’. This is required within a single quote-delimited attribute value.
A “ is quoted as \”. This is required within a double quote-delimited attribute value.
A \ is quoted as
A %> is quoted as %\>
A <% is quoted as <%
The entities ' and " are available to describe single and double quotes.
Examples
The following line shows an illegal attribute values.
<mytags:tag value="<%= "hi!" %>" />
The next lines are all legal quotations.
<%= "Joe said %/>" %>
<%= "Joe said %\>" %>
<% String joes_statement = "hi!"; %>
<%= "Joe said \"" + joes_statement + "\"." %>
<x:tag value='<%="Joe said
"" + joes_statement + "
"."%>'/>
<x:tag value='<%= "hi!" %>' />
<x:tag value="<%= \"hi!\" %>" />
<x:tag value='<%= \"name\" %>' />
<x:tag value="<%= \"Joe said 'hello'\" %>"/>
--------------------------------------------------------------------------------
An easy fix to avoid the whole problem would be to do:
<portlet:actionURL secure="<%=Boolean.toString(renderRequest.isSecure())" var="url">
It also makes the intent of the code much more readable than a terinery expression.