We are migrating CKEditor issue tracking to GitHub. Please, use GitHub to report any new issues.

The former tracking system (this website) will still be available in the read-only mode. All issues reported in the past will still be available publicly and can be referenced.

Important: we decided not to transfer all the tickets to GitHub, as many of them are not reproducible anymore or simply no longer requested by the community.
If the issue you are interested in, can be still reproduced in the latest version of CKEditor, feel free to report it again on GitHub.
At the same time please note that issues reported on this website are still taken into consideration when picking up candidates for next milestones.

To report a new issue, go to https://github.com/ckeditor/ckeditor-dev/issues and follow the instructions in the issue template.

Context Navigation

Back to Ticket #4719

Ticket #4719: 4719_4.patch

File 4719_4.patch, 1.6 KB (added by Minh Nguyen, 14 years ago)

_source/core/htmlparser/basicwriter.js

                  */
                 attribute : function( attName, attValue )
+                {
+                        // Browsers don't always escape quote in attribute values. (#4683)
+                        if ( typeof attValue == 'string' )
+                                attValue = attValue.replace( /"/g, '&quot;' );
+                        // Browsers don't always escape special character in attribute values. (#4683, #4719).
+                        if ( typeof attValue == 'string' ) {
+                                attValue = attValue.replace( /"/g, '&quot;' ).replace( /</g, '&lt;' ).replace( />/, '&gt;' ).replace( /'/, '&#039;' );
+                        }
                         this._.output.push( ' ', attName, '="', attValue, '"' );
                 },

_source/plugins/htmlwriter/plugin.js


175	175	if ( typeof attValue == 'string' )
176	176	{
177	177	this.forceSimpleAmpersand && ( attValue = attValue.replace( /&/g, '&' ) );
178		// Browsers don't always escape ~~quote in attribute values. (#4683)~~
179		attValue = attValue.replace( /"/g, '"' );
	178	// Browsers don't always escape special character in attribute values. (#4683, #4719).
	179	attValue = attValue.replace( /"/g, '"' ).replace( /</g, '<' ).replace( />/, '>' ).replace( /'/, ''' );
180	180	}
181	181
182	182	this._.output.push( ' ', attName, '="', attValue, '"' );

Download in other formats:

Original Format