Affects: 5.1.5 RELEASE
Example1
Let's say a form bean has the following annotation:
@Pattern(regexp = "[\\w.'-]{1,}@[\\w.'-]{1,}")
private String email;`
If an invalid email is given, validation fails and the following error message is presented by form:errors tag.
... must match "[\w.-]{1,}@[\w.-][Ljavax.validation.constraints.Pattern$Flag;@4f413b2c"
Single quotes disappear and the second {1,} occurrence is replaced with [Ljavax.validation.constraints.Pattern$Flag;@4f413b2c.
Example2:
private Integer age;
Supply age={0}aaa'bbb then you get the following error message:
Failed to convert property value of type java.lang.String to required type java.lang.Integer
for property age; nested exception is java.lang.NumberFormatException: For input string:
"org.springframework.context.support.DefaultMessageSourceResolvable: codes formData.age,age];
arguments []; default message [age]aaabbb"
Again, {0} is replaced and single quote disappears.
The cause is that the values (the regexp in example1 and the user input in example2) are passed to java.text.MessageFormat#applyPattern() with no proper escaping.
It looks like the bug (example1) is similar to #11988.
Affects: 5.1.5 RELEASE
Example1
Let's say a form bean has the following annotation:
@Pattern(regexp = "[\\w.'-]{1,}@[\\w.'-]{1,}") private String email;`If an invalid email is given, validation fails and the following error message is presented by form:errors tag.
... must match "[\w.-]{1,}@[\w.-][Ljavax.validation.constraints.Pattern$Flag;@4f413b2c"Single quotes disappear and the second
{1,}occurrence is replaced with[Ljavax.validation.constraints.Pattern$Flag;@4f413b2c.Example2:
Supply
age={0}aaa'bbbthen you get the following error message:Again,
{0}is replaced and single quote disappears.The cause is that the values (the regexp in example1 and the user input in example2) are passed to
java.text.MessageFormat#applyPattern()with no proper escaping.It looks like the bug (example1) is similar to #11988.