undertow-io / jastow

Jasper fork for Undertow
Apache License 2.0

[UNDERTOW-2146] At Validator, process partial scriptlet only if value… #67

Closed fl4via closed 1 year ago

fl4via commented 2 years ago

… is not an EL expression

Signed-off-by: Flavia Rainone <frainone@redhat.com>

fl4via commented 2 years ago

@rmartinc can you please review? I couldn't add a test because the tests that are there do not cause invocation of Validator.

rmartinc commented 2 years ago

Hi @fl4via!

As we have been talking internally, the scriptlet expression, when used inside a JSP tag attribute, should be the full value. It cannot be used partially inside a tag attribute. The spec, in the chapter Request Time Attribute Values, says:

When using scriptlet expressions, the expression must appear by itself (multiple expressions, and mixing of expressions and string constants are not permitted).

And checking the grammar:

Attribute ::= Name Eq ( ( '"<%=' RTAttributeValueDouble ) | ( "'<%=" RTAttributeValueSingle ) | ( '"' AttributeValueDouble ) | ( "'" AttributeValueSingle ) )

RTAttributeValueDouble ::= ( ( QuotedChar - '"' ) - ( ( QuotedChar - '"' ) '%>' ) ) ( '%>"' | ) [ vc: RTAttributeScriptingEnabled ] [ vc: ExpressionBodyContent ]

RTAttributeValueSingle ::= ( ( QuotedChar - "'" ) - ( ( QuotedChar - "'" ) '%>' ) ) ( "%>'" | ) [ vc: RTAttributeScriptingEnabled ] [ vc: ExpressionBodyContent ]

So the attribute value, if using a scriptlet, should start with <%= and finish with %>, and cannot mix strings like EL expressions do. The spec is the same in the previous 2.3 and 3.0 versions.

I would close this PR as UNDERTOW-2146 is not a bug. UNDERTOW-1319 is not a bug either and, I don't know if it's late, but I would revert that change if possible.
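The rule quoted in the comment above, as an added example that is not part of the thread and is not Jastow's Validator code: a small Java classifier that tells a whole-value scriptlet expression apart from a value that only contains one. The names `RtAttributeCheck`, `Kind` and `classify` are hypothetical; it assumes standard (non-XML) JSP syntax and does not handle the `<\%` escape.

```java
import java.util.List;

// Added illustration, not Jastow/Jasper code. Class, enum and method names are hypothetical.
public class RtAttributeCheck {

    enum Kind {
        RT_EXPRESSION, // the whole value is <%= ... %>
        PLAIN_VALUE,   // no scriptlet expression opener anywhere in the value
        MIXED          // "<%=" is present, but the expression is not the whole value
    }

    // 'value' is the raw text between the attribute's quotes.
    static Kind classify(String value) {
        final String open = "<%=";
        final String close = "%>";
        if (value.startsWith(open) && value.endsWith(close)
                && value.length() >= open.length() + close.length()) {
            String body = value.substring(open.length(), value.length() - close.length());
            // A second opener inside the body means several expressions were
            // concatenated, which the quoted rule does not permit.
            // Heuristic: a Java string literal containing "<%=" would be misflagged.
            return body.contains(open) ? Kind.MIXED : Kind.RT_EXPRESSION;
        }
        // Anything else that still contains an opener mixes an expression
        // with string constants (or never closes it).
        return value.contains(open) ? Kind.MIXED : Kind.PLAIN_VALUE;
    }

    public static void main(String[] args) {
        // Constructed sample attribute values.
        List<String> samples = List.of(
            "<%= user.getName() %>",        // expression appears by itself
            "${user.name}-suffix",          // EL mixed with text, no scriptlet
            "prefix-<%= user.getName() %>", // string constant plus expression
            "<%= a %><%= b %>");            // two expressions in one value
        for (String s : samples) {
            System.out.println(classify(s) + "  " + s);
        }
    }
}
```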

fl4via commented 2 years ago

Thank you for the feedback @rmartinc! I'll do as you say and check if it is possible to revert UNDERTOW-1319.

ropalka commented 1 year ago

This PR has been superseded by https://github.com/undertow-io/jastow/pull/78