Strict Quote Escaping in Tomcat

Question

This is regarding strict quote escaping in tomcat mentioned in http://blogs.sourceallies.com/2009/10/strict-quote-escaping-in-tomcat/

I am using apache-tomcat-6.0.36 and I am not facing any issue related to this. So is this issue specific only to certain versions of tomcat 6+? Also does this depend on J2EE version?

Note : I haven't configured org.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING in $TOMCAT_HOME/conf/catalina.properties

Answer 1

Tomcat8 has deprecated and removed previous property which may break installations if older instructions are to be followed. See this guide to fix issue.

Tomcat7 and earlier versions

Add this property to the end of $tomcat/conf/catalina.properties file.

org.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false

Tomcat8 and most recent versions

Add this parameter to the JspServlet in $tomcat/conf/web.xml file.

Find this servlet <servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>

Add parameter <init-param><param-name>strictQuoteEscaping</param-name><param-value>false</param-value></init-param>

Answer 2

The changes arose from https://issues.apache.org/bugzilla/show_bug.cgi?id=45015

That was fixed in 6.0.17 onwards. Earlier versions will be more tolerant of invalid quote sequences.

There is no dependency on the versions of the Servlet or JSP specification declared in any descriptor.

If you don't see an issue, the most likely explanation is that your application is using quotes om a specification compliant way.