Index: _source/plugins/htmldataprocessor/plugin.js
===================================================================
--- _source/plugins/htmldataprocessor/plugin.js (revision 7376)
+++ _source/plugins/htmldataprocessor/plugin.js (working copy)
@@ -516,10 +516,18 @@
// Call the browser to help us fixing a possibly invalid HTML
// structure.
var div = new CKEDITOR.dom.element( 'div' );
+
+ // Prevent execution of event handlers in the div (#8630)
+ var prefix = 'data-cke' + CKEDITOR.tools.getNextNumber() + '-';
+ data = data.replace( /(\s)(on)/ig, '$1' + prefix + '$2' );
+
// Add fake character to workaround IE comments bug. (#3801)
div.setHtml( 'a' + data );
data = div.getHtml().substr( 1 );
+ // Restore event handlers (#8630)
+ data = data.replace( new RegExp( prefix, 'gi' ), '' );
+
// Unprotect "some" of the protected elements at this point.
data = unprotectElementNames( data );
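Review bot: The guard `data = data.replace( /(\s)(on)/ig, '$1' + prefix + '$2' );` only renames an `on…` attribute that follows a whitespace character, so a handler attribute placed directly after a `/` or a closing quote is left intact and can still run when `div.setHtml( 'a' + data )` parses the markup. Widening the left-hand context, for example `data = data.replace( /([^a-z0-9<\-])(on\w{3,})(?!>)/gi, '$1' + prefix + '$2' );`, would cover those separators and reduce rewriting of ordinary words in text, but it should be backed by a regression test with such inputs. The restore step strips every occurrence of `prefix`, and because the prefix comes from the sequential `CKEDITOR.tools.getNextNumber()`, input that already contains that string would be silently altered; a less guessable token seems safer. The enclosing function starts and ends outside this hunk.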