• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Servlet Exception:Attribute value is quoted with " which must be escaped when used within the value

 
kamlendra kumar
Greenhorn
Posts: 23
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
I am trying to Migrate my application from Tomcat 5.0 to Tomcat5.5.28. I have used Struts, JSP and JSTLs in my application.
for Tomcat 5.5.28 i am getting servlet exception when rendering the jsp page.
The Exception is:
[ServletException in:/home/home1l/proposal_list.jsp] /home/home1l/proposal_list.jsp(497,59) Attribute value
MyPermissions.PERMISSION1
is quoted with " which must be escaped when used within the value .

The code in JSP page is:
<permissions:hasAnyNetworkSettings networkSettings="<%=MyPermissions.PERMISSION1%>">


The same code is working fine with Tomcat5.0.

Can somebody please help.
 
Venkata Kumar
Ranch Hand
Posts: 110
Firefox Browser Java MySQL Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Tomcat versions prior to 5.5.27 doesn't follow the quote requirements of Jsp Spec. Tomcat version 5.5.27 onwards quotes are checked strictly. Nested quotes has to be escaped.
what does MyPermissions.PERMISSION1 return?
<permissions:hasAnyNetworkSettings networkSettings="<%=MyPermissions.PERMISSION1%>">

You may use single quotes as shown below
 
kamlendra kumar
Greenhorn
Posts: 23
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
tld file for this Tag is like this:
<tag>
<name>hasAnyNetworkSettings</name>
<tagclass>HasAnyNetworkSettingsTag</tagclass>
<bodycontent>JSP</bodycontent>
<attribute>
<name>networkSettings</name>
<required>true</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
</tag>


this class returns SKIP_BODY or EVAL_BODY_INCLUDE depending on the value passed to the tag.
 
kamlendra kumar
Greenhorn
Posts: 23
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Can you please give me the link to page confirming the fact that Tomcat5.5.27 onwards quotes are checked strictly..
i'll be very helpful.
 
kamlendra kumar
Greenhorn
Posts: 23
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
i solved this issue.. ......!!!

-Dorg.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false


after this setting this problem got resolved.
by default strict quote checking was enabled..disabling that solved this issue
 
David Newton
Author
Rancher
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Why not fix the underlying issue rather than allowing Tomcat to break the JSP specification?
 
kamlendra kumar
Greenhorn
Posts: 23
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
my application has arround 2500 JSP pages.. so it is almost impossible to correct all the JSPs.
 
David Newton
Author
Rancher
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hope you never deploy on something that doesn't allow broken JSP pages, then.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 65216
95
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
kamlendra kumar wrote:my application has arround 2500 JSP pages.. so it is almost impossible to correct all the JSPs.

Wow. Just wow.

So the bigger a web app gets, the less quality matters?
 
kamlendra kumar
Greenhorn
Posts: 23
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
 
Rajkumar balakrishnan
Ranch Hand
Posts: 445
Android Eclipse IDE Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Bear Bibeault wrote:
Wow. Just wow.

So the bigger a web app gets, the less quality matters?


Thats absolutely right. For a mere 150+ pages i felt completely drowned by modifying a simple thing....

I didnt even think about getting into 2500 pages...
 
kamlendra kumar
Greenhorn
Posts: 23
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Due to security vulnerability we are migrating to Tomcat5.5. Quality always matters friend.
But due to this issue not a single jsp page was getting rendered.And checking and correcting 2500 jsp pages gonna take tremendous efforts..
so i guess the way i found works best for my application.
 
kadavul seelan
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello,
i have got same problem with you.
I use TOMCAT 6, ECLIPSE

And i did not know how and where i need add the line "-Dorg.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false "

Please Help me.
 
kamlendra kumar
Greenhorn
Posts: 23
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hey!
Set the parameter in catalina.bat .
 
kadavul seelan
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello thanks for answer,
i try this
i add this line in catalina.bat


But it doesn't work

Thanks for help
 
kamlendra kumar
Greenhorn
Posts: 23
 
kadavul seelan
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes i already go this page :s
The line i added is correct???

Sorry for my english i'm from france.
 
Tim Holloway
Saloon Keeper
Posts: 18300
56
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
kadavul seelan wrote:Hello thanks for answer,
i try this
i add this line in catalina.bat


But it doesn't work

Thanks for help


Actually, if you create a file named "setenv.bat" (or setenv.sh) and put the line in there, catalina.bat will pick up the configuration option from there and you won't have to modify the Tomcat startup script. setenv goes in the TOMCAT_HOME/bin directory just like the catalina.bat file.
 
kadavul seelan
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
i resolved my problem, eclipse HELIOS create in workspace a folder server, on this folder it saved catalina.properties files
on this file i add "org.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false" in this file and my project work.


Thanks
 
Pene charl
Greenhorn
Posts: 21
Hibernate Java Oracle
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You just add the below line in a path of tomcat\conf\catalina.properties
org.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false to the end of ${catalina.home}\conf\catalina.properties
That should be work.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic