Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=52335

markt-asf · markt-asf · commit 302e113d4a1f · 2011-12-15T16:50:25.000Z
% is only escaped as <\%, not \% git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1214855 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/java/org/apache/jasper/compiler/Parser.java b/java/org/apache/jasper/compiler/Parser.java
@@ -1278,7 +1278,7 @@ private boolean parseCustomTag(Node parent) throws JasperException {
 
     /*
      * Parse for a template text string until '<' or "${" or "#{" is encountered,
-     * recognizing escape sequences "\%", "\$", and "\#".
+     * recognizing escape sequences "<\%", "\$", and "\#".
      */
     private void parseTemplateText(Node parent) throws JasperException {
 
@@ -1297,8 +1297,33 @@ private void parseTemplateText(Node parent) throws JasperException {
         while (reader.hasMoreInput()) {
             ch = reader.nextChar();
             if (ch == '<') {
-                reader.pushChar();
-                break;
+                // Check for <\%
+                ch = reader.nextChar();
+                if (ch == -1) {
+                    reader.pushChar();
+                    break;
+                } else if (ch == '\\') {
+                    ch = reader.nextChar();
+                    if (ch == -1) {
+                        reader.pushChar();
+                        reader.pushChar();
+                        break;
+                    } else if (ch == '%') {
+                        ttext.write('<');
+                        ttext.write('\\');
+                        ttext.write('%');
+                        continue;
+                    } else {
+                        reader.pushChar();
+                        reader.pushChar();
+                        reader.pushChar();
+                        break;
+                    }
+                } else {
+                    reader.pushChar();
+                    reader.pushChar();
+                    break;
+                }
             } else if ((ch == '$' || ch == '#') && !pageInfo.isELIgnored()) {
                 if (!reader.hasMoreInput()) {
                     ttext.write(ch);
@@ -1318,9 +1343,9 @@ private void parseTemplateText(Node parent) throws JasperException {
                     break;
                 }
                 char next = (char) reader.peekChar();
-                // Looking for \% or \$ or \#
-                if (next == '%' || ((next == '$' || next == '#') &&
-                        !pageInfo.isELIgnored())) {
+                // Looking for \$ or \# when EL is being used
+                if ((next == '$' || next == '#') &&
+                        !pageInfo.isELIgnored()) {
                     ch = reader.nextChar();
                 }
             }
diff --git a/test/org/apache/jasper/compiler/TestParser.java b/test/org/apache/jasper/compiler/TestParser.java
@@ -290,6 +290,26 @@ public void testBug49297Tag() throws Exception {
         assertEcho(res.toString(), "OK");
     }
 
+    @Test
+    public void testBug52335() throws Exception {
+        Tomcat tomcat = getTomcatInstance();
+
+        File appDir =
+            new File("test/webapp-3.0");
+        // app dir is relative to server home
+        tomcat.addWebapp(null, "/test", appDir.getAbsolutePath());
+
+        tomcat.start();
+
+        ByteChunk res = getUrl("http://localhost:" + getPort() +
+                "/test/bug52335.jsp");
+
+        String result = res.toString();
+        // Beware of the differences between escaping in JSP attributes and
+        // in Java Strings
+        assertEcho(result, "00 - \\% \\\\% <\\%");
+    }
+
     /** Assertion for text printed by tags:echo */
     private static void assertEcho(String result, String expected) {
         assertTrue(result.indexOf("<p>" + expected + "</p>") > 0);
diff --git a/test/webapp-3.0/bug52335.jsp b/test/webapp-3.0/bug52335.jsp
@@ -0,0 +1,24 @@
+<%--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+--%>
+<%@ page isELIgnored="true" %>
+<html>
+  <head><title>Bug 52335 test case</title></head>
+  <body>
+    <p>00 - \% \\% <\%</p>
+  </body>
+</html>
+
