Changeset 7208


Ignore:
Timestamp:
08/18/11 21:24:37 (3 years ago)
Author:
Saare
Message:

#7243: Protecting against saved attributes inside of inline events.

Location:
CKEditor/trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • CKEditor/trunk/CHANGES.html

    r7206 r7208  
    5959                <li><a href="http://dev.ckeditor.com/ticket/7619">#7619</a> : [IE] IFrame shim now consolidate editor dialog to avoid having it masked by embeddeds.</li> 
    6060                <li><a href="http://dev.ckeditor.com/ticket/7900">#7900</a> : [FF] Copy/Paste table cells no longer breaks Table dialog.</li> 
     61                <li><a href="http://dev.ckeditor.com/ticket/7243">#7243</a> : Inline JavaScript events may have been corrupted.</li> 
    6162                <li>Updated the following language files:<ul> 
    6263                        <li><a href="http://dev.ckeditor.com/ticket/8128">#8128</a> : Italian;</li> 
  • CKEditor/trunk/_source/plugins/htmldataprocessor/plugin.js

    r6904 r7208  
    4545                        return false; 
    4646 
    47         // 1. For IE version >=8,  empty blocks are displayed correctly themself in wysiwiyg; 
    48         // 2. For the rest, at least table cell and list item need no filler space. 
    49         // (#6248) 
    50         if ( fromSource && CKEDITOR.env.ie && 
    51                 ( document.documentMode > 7 
    52                 || block.name in CKEDITOR.dtd.tr 
    53                 || block.name in CKEDITOR.dtd.$listItem ) ) 
    54             return false; 
     47        // 1. For IE version >=8,  empty blocks are displayed correctly themself in wysiwiyg; 
     48        // 2. For the rest, at least table cell and list item need no filler space. 
     49        // (#6248) 
     50        if ( fromSource && CKEDITOR.env.ie && 
     51                ( document.documentMode > 7 
     52                        || block.name in CKEDITOR.dtd.tr 
     53                        || block.name in CKEDITOR.dtd.$listItem ) ) 
     54                return false; 
    5555 
    5656                var lastChild = lastNoneSpaceChild( block ); 
     
    290290 
    291291        var protectElementRegex = /<(a|area|img|input)\b([^>]*)>/gi, 
    292                 protectAttributeRegex = /\b(href|src|name)\s*=\s*(?:(?:"[^"]*")|(?:'[^']*')|(?:[^ "'>]+))/gi; 
     292                protectAttributeRegex = /\b(on\w+|href|src|name)\s*=\s*(?:(?:"[^"]*")|(?:'[^']*')|(?:[^ "'>]+))/gi; 
    293293 
    294294        var protectElementsRegex = /(?:<style(?=[ >])[^>]*>[\s\S]*<\/style>)|(?:<(:?link|meta|base)[^>]*>)/gi, 
     
    306306                        return '<' +  tag + attributes.replace( protectAttributeRegex, function( fullAttr, attrName ) 
    307307                        { 
     308                                // Avoid corrupting the inline event attributes (#7243). 
    308309                                // We should not rewrite the existed protected attributes, e.g. clipboard content from editor. (#5218) 
    309                                 if ( attributes.indexOf( 'data-cke-saved-' + attrName ) == -1 ) 
     310                                if ( !/^on/.test( attrName ) && attributes.indexOf( 'data-cke-saved-' + attrName ) == -1 ) 
    310311                                        return ' data-cke-saved-' + fullAttr + ' ' + fullAttr; 
    311312 
Note: See TracChangeset for help on using the changeset viewer.
© 2003 – 2012 CKSource – Frederico Knabben. All rights reserved. | Terms of use | Privacy policy