Support for EL with no quotes

pmd-visualforce/etc/grammar/VfParser.jjt

@@ -114,7 +114,7 @@ PARSER_END(VfParser)
 |	<UNPARSED_TEXT: ( <NO_LT_OR_OPENBRACE>|<OPENBRACE><NO_BANG>)+ >
 }
 
-<ElTagState, ElAttribTagStateSQ, ElAttribTagStateDQ> TOKEN :
+<ElTagState, ElAttribTagStateSQ, ElAttribTagStateDQ, ElAttribTagStateNQ> TOKEN :
 {
 		<NULL: "null" >
 	| <TRUE: "true" >
@@ -170,6 +170,11 @@ PARSER_END(VfParser)
 			<END_OF_EL_ATTRIB_DQ: (<WHITESPACES>)? <CLOSEBRACE> > : AttrValueBetweenDoubleQuotesState
 }
 
+<ElAttribTagStateNQ> TOKEN :
+{
+			<END_OF_EL_ATTRIB_NQ: (<WHITESPACES>)? <CLOSEBRACE> > : AttrValueNoQuotesState
+}
+
 <DocTypeState, DocTypeExternalIdState> TOKEN :
 {
 	<WHITESPACES: (<WHITESPACE>)+ >
@@ -214,9 +219,18 @@ PARSER_END(VfParser)
 {
   <SINGLE_QUOTE: (<WHITESPACES>)? "'"> : AttrValueBetweenSingleQuotesState
 | <DOUBLE_QUOTE: (<WHITESPACES>)? "\"">: AttrValueBetweenDoubleQuotesState
+| <NO_QUOTE_NO_WHITESPACE: ~["\"","'"," "] > { input_stream.backup(1);} : AttrValueNoQuotesState
 | <IN_ATTR_WHITESPACE: [" "] > : InTagState //support for empty attributes
 }
 
+<AttrValueNoQuotesState> TOKEN :
+{
+     <ENDING_WHITESPACE: " " >: InTagState
+	|	<EL_EXPRESSION_IN_ATTRIBUTE_NQ: "{!" (<WHITESPACES>)? > : ElAttribTagStateNQ
+	| <UNPARSED_TEXT_NO_WHITESPACE: ( ~["$", "#", " "] |(["$", "#"] ~["{"]) )+ >
+
+}
+
 <AttrValueBetweenSingleQuotesState> TOKEN :
 {
 	<ENDING_SINGLE_QUOTE: "'"> : InTagState
@@ -338,6 +352,19 @@ String Text() :
 	}
 }
 
+
+String UnparsedTextNoWhitespace() #Text :
+{ Token t;}
+{
+  (
+    t = <UNPARSED_TEXT_NO_WHITESPACE>
+  )
+  {
+		jjtThis.setImage(t.image);
+		return t.image;
+  }
+}
+
 /**
  * Text that contains no single quotes, and that does not contain the start
  * of a EL expression.
@@ -468,7 +495,9 @@ void PrimaryPrefix() #void :
 {
 	 	Literal()
 	| Identifier()
-	|  <LPAREN> Expression() <RPAREN>
+	| <LPAREN> Expression() <RPAREN>
+	| <LSQUARE> Expression() <RSQUARE>
+
 }
 
 void PrimarySuffix() #void :
@@ -482,7 +511,7 @@ void PrimarySuffix() #void :
 void DotExpression() :
 {}
 {
-	<EXP_DOT> (Identifier() | BooleanLiteral() )
+	<EXP_DOT> (Identifier() | Literal() )
 
 }
 
@@ -534,6 +563,7 @@ void ElExpressionInAttribute() #ElExpression :
 {
 		<EL_EXPRESSION_IN_ATTRIBUTE_SQ> [Expression()] <END_OF_EL_ATTRIB_SQ>
 	| <EL_EXPRESSION_IN_ATTRIBUTE_DQ> [Expression()] <END_OF_EL_ATTRIB_DQ>
+	| <EL_EXPRESSION_IN_ATTRIBUTE_NQ> [Expression()] <END_OF_EL_ATTRIB_NQ>
 }
 
 void CData() :
@@ -614,6 +644,10 @@ void Attribute() :
  		  	( ( UnparsedTextNoSingleQuotes() | ElExpressionInAttribute() ) )*
  			( 	<ENDING_SINGLE_QUOTE> )
  		)
+		| ( <NO_QUOTE_NO_WHITESPACE>
+			( (  UnparsedTextNoWhitespace() | ElExpressionInAttribute() ) )*
+		( <ENDING_WHITESPACE> )
+		)
  		| <IN_ATTR_WHITESPACE>
  	)
  }

pmd-visualforce/src/main/ant/alljavacc.xml

@@ -31,8 +31,10 @@
         <jjtree target="etc/grammar/VfParser.jjt"
                 outputdirectory="${target}/net/sourceforge/pmd/lang/vf/ast/"
                 javacchome="${javacc-home.path}" />
-        <!-- Ensure generated using CharStream interface -->
+        <!-- Ensure generated using CharStream interface debugparser="true"
+        		debugtokenmanager="true"-->
         <javacc static="false"
+        		
                 usercharstream="true"
                 unicodeinput="true"
                 javaunicodeescape="false"

pmd-visualforce/src/test/resources/net/sourceforge/pmd/lang/vf/rule/security/xml/VfUnescapeEl.xml

@@ -7,8 +7,8 @@ Default escaped EL - no XSS
 		<expected-problems>0</expected-problems>
 		<code><![CDATA[
 <apex:page>
-{! foo('test') }
-</apex:page>
+{!NoXSSHere(bah)}
+ </apex:page>
 ]]></code>
 		<source-type>vf</source-type>
 	</test-code>
@@ -127,6 +127,9 @@ No XSS via EL via param binding
     <apex:form>
         <apex:selectList value="{!string}" size="1">
             <apex:selectOption itemValue='{!XSS}' itemLabel="Red" itemEscaped="false"/>
+            <apex:selectOption itemValue={!XSS} itemLabel="Blue" itemEscaped="false"/>
+            <apex:selectOption itemValue="{!XSS}" itemLabel="Green" itemEscaped="false"/>
+            
         </apex:selectList> 
     </apex:form>
 </apex:page>