I just started here at Source Allies (loving it here so far, btw!) and inherited an aging code base to resurrect. It was originally deployed on Tomcat 5 and one of the issues I encountered upgrading to Tomcat 6 was strict quote escaping. The code base has lots of JSPs with elements like this:
<some:tag title=”<%=(String)request.getAttribute(”title”)%>”>
Apparently this used to fly under the radar up until Tomcat 5.5.26, but Tomcat 5.5.27+ enforces the quoting requirements of the JSP spec. Running this app with Tomcat 6 produced lots of exceptions like this one:
javax.servlet.jsp.JspException: ServletException in ‘/WEB-INF/content/admin/editUser.jsp’: /WEB-INF/content/admin/editUser.jsp(6,23) Attribute value (String)request.getAttribute(”title”) is quoted with ” which must be escaped when used within the value
Now, we all know that double-quotes within double-quotes is a no-no and should be fixed by either using single quotes to enclose the attribute value:
<some:tag title=’<%=(String)request.getAttribute(”title”)%>’>
or by escaping the inner double-quotes:
<some:tag title=”<%=(String)request.getAttribute(\”title\”)%>”>
However in this case we just needed to get the app up & running quickly so I found a quick, temporary workaround instead of fixing all of the improperly formatted quotes. Setting org.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false in $TOMCAT_HOME/conf/catalina.properties allows the double-quotes within double-quotes, and no more exceptions!
Thanks for posting this, very helpful.
I would have thought everything inside the should be a valid java statement that evaluates to something (eg a String; boolean; etc). In which case the escaped inner double-quoted exampled just reads wrong to me. Also seems strange that STRICT_QUOTE_ESCAPING=true would be the default if jasper can handle the stuff inside the properly.
That’s just my option(s) though. I can report I’ve seen some inconsistency in treatment of quotes from points release of tomcat – in particular 6.0.24 seems to treats STRICT_QUOTE_ESCAPING as true where as 6.0.20 treats STRICT_QUOTE_ESCAPING as false.
I guess the moral is use single quotes for tag attributes where possible or set the parser setting explicitly.
Thanks for posting this, very helpful.
I would have thought everything inside the >%= .. < should be a valid java statement that evaluates to something (eg a String; boolean; etc). In which case the escaped inner double-quoted exampled just reads wrong to me. Also seems strange that STRICT_QUOTE_ESCAPING=true would be the default if jasper can handle the stuff inside the >%= .. < properly.
That’s just my option(s) though. I can report I’ve seen some inconsistency in treatment of quotes from points release of tomcat – in particular 6.0.24 seems to treats STRICT_QUOTE_ESCAPING as true where as 6.0.20 treats STRICT_QUOTE_ESCAPING as false.
I guess the moral is use single quotes for tag attributes where possible or set the parser setting explicitly.
(sorry, I’ll try comment again with escaping of the > <)
I finally bookmarked your website. I always find great material along with comments.
Thanks for the helpful link, but I have the same problem with Weblogic 10, is there any similar parameters for weblogic?