Changeset 7208

Timestamp:

08/18/11 21:24:37 (22 months ago)

Author:

Saare

Message:

#7243: Protecting against saved attributes inside of inline events.

Location:

CKEditor/trunk

Files:

• CHANGES.html (modified) (1 diff)
• _source/plugins/htmldataprocessor/plugin.js (modified) (3 diffs)

CKEditor/trunk/CHANGES.html

@@ -59 +59 @@
                 <li><a href="http://dev.ckeditor.com/ticket/7619">#7619</a> : [IE] IFrame shim now consolidate editor dialog to avoid having it masked by embeddeds.</li>
                 <li><a href="http://dev.ckeditor.com/ticket/7900">#7900</a> : [FF] Copy/Paste table cells no longer breaks Table dialog.</li>
+                <li><a href="http://dev.ckeditor.com/ticket/7243">#7243</a> : Inline JavaScript events may have been corrupted.</li>
                 <li>Updated the following language files:<ul>
                         <li><a href="http://dev.ckeditor.com/ticket/8128">#8128</a> : Italian;</li>

CKEditor/trunk/_source/plugins/htmldataprocessor/plugin.js

@@ -45 +45 @@
                         return false;
 
-        // 1. For IE version >=8,  empty blocks are displayed correctly themself in wysiwiyg;
-        // 2. For the rest, at least table cell and list item need no filler space.
-        // (#6248)
-        if ( fromSource && CKEDITOR.env.ie &&
-                ( document.documentMode > 7
-                || block.name in CKEDITOR.dtd.tr
-                || block.name in CKEDITOR.dtd.$listItem ) )
-            return false;
+        // 1. For IE version >=8,  empty blocks are displayed correctly themself in wysiwiyg;
+        // 2. For the rest, at least table cell and list item need no filler space.
+        // (#6248)
+        if ( fromSource && CKEDITOR.env.ie &&
+                ( document.documentMode > 7
+                        || block.name in CKEDITOR.dtd.tr
+                        || block.name in CKEDITOR.dtd.$listItem ) )
+                return false;
 
                 var lastChild = lastNoneSpaceChild( block );
@@ -290 +290 @@
 
         var protectElementRegex = /<(a|area|img|input)\b([^>]*)>/gi,
-                protectAttributeRegex = /\b(href|src|name)\s*=\s*(?:(?:"[^"]*")|(?:'[^']*')|(?:[^ "'>]+))/gi;
+                protectAttributeRegex = /\b(on\w+|href|src|name)\s*=\s*(?:(?:"[^"]*")|(?:'[^']*')|(?:[^ "'>]+))/gi;
 
         var protectElementsRegex = /(?:<style(?=[ >])[^>]*>[\s\S]*<\/style>)|(?:<(:?link|meta|base)[^>]*>)/gi,
@@ -306 +306 @@
                         return '<' +  tag + attributes.replace( protectAttributeRegex, function( fullAttr, attrName )
                         {
+                                // Avoid corrupting the inline event attributes (#7243).
                                 // We should not rewrite the existed protected attributes, e.g. clipboard content from editor. (#5218)
-                                if ( attributes.indexOf( 'data-cke-saved-' + attrName ) == -1 )
+                                if ( !/^on/.test( attrName ) && attributes.indexOf( 'data-cke-saved-' + attrName ) == -1 )
                                         return ' data-cke-saved-' + fullAttr + ' ' + fullAttr;