Opened 3 years ago

Closed 3 years ago

#11223 closed Bug (fixed)

ProtectedSource not working in the title element

Reported by: Synchro Owned by: m.lewandowski
Priority: Normal Milestone: CKEditor 4.4.1
Component: General Version: 3.1
Keywords: Cc:

Description

This problem is described in this forum post.

With protectedSource set thus:

CKEDITOR.config.protectedSource.push(/\[\[[^\]]*?\]\]/g);

This document:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>[[mytag]]</title>
[[mytag]]
</head>
<body>
[[mytag]]
</body>
</html>

becomes this when loaded into CKEditor:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
	<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
	<title>&lt;!--{cke_protected}%5B%5Bmytag%5D%5D--&gt;</title>
	[[mytag]]
</head>
<body>[[mytag]]</body>
</html>

and it stays that way when the form is submitted. When it's reloaded, it gets encoded a second time, resulting in an ever-growing title tag full of junk.

The forum post describes another problem related to using placeholders, but this bug is really a separate issue.

Attachments (1)

11223.html (2.1 KB) - added by Reinmar 3 years ago.

Download all attachments as: .zip

Change History (15)

comment:1 Changed 3 years ago by Synchro

I've discovered it's not only on load/save that it re-encodes - just switching between visual and source modes is enough, so if I toggle between the two states, the encoded chunk in the title tag gets bigger and bigger.

comment:2 Changed 3 years ago by j.swiderski

  • Status changed from new to pending
  • Version 4.3 deleted

Unlike #11544 I'm not able to reproduce this one in CKEditor 4.3.2.

We have few cke_protected issues: #7805, #7826, #8129, #8216, #8230, #9205 but this one doesn't look like it. My result was the same as in #11544. @Synchro could you perhaps attach sample page that can be put into samples folder and will show this problem?

comment:3 Changed 3 years ago by Reinmar

  • Milestone set to CKEditor 4.3.4
  • Status changed from pending to confirmed

I confirm this issue... or rather issues. Attachment 11223.html shows many bugs. I've got the same issues on every version since at least 4.0.

Let's give this ticket a try in 4.3.4. It's not acceptable that two core features are so incompatible.

comment:4 Changed 3 years ago by j.swiderski

  • Version set to 3.1

Thanks for the sample. Seems all issues can be reproduced from CKEditor 3.1. Protected source doesn't get along with Full Page mode.

comment:5 Changed 3 years ago by Reinmar

  • Summary changed from protectedSource not working in title element to ProtectedSource not working in the title element

Argh... I forgot about the g flag for regexps in 11223.html! :D That's why only the first occurrence has been replaced. I'll reattach fixed 11223.html on which only protected source in a title doesn't work.

Changed 3 years ago by Reinmar

comment:6 Changed 3 years ago by Reinmar

Unfortunately it's the same issue as here: http://dev.ckeditor.com/ticket/11442#comment:6. In short - browsers do not accept comments in the <title> element and comments are used by the protect source feature. Quick test:

document.title = '<!--xxx-->';
document.head.innerHTML;

	<meta charset="utf-8">
	<title>&lt;!--xxx--&gt;</title>

However, we don't have to protect source in the <title>, so the fix seems to be easy.

comment:7 Changed 3 years ago by Reinmar

Additionally, I found out that the same problem with protected source occurs in <iframe> (#11442 again). IMO the easiest solution would be to unprotect source inside <iframe>/<title> tags here: https://github.com/ckeditor/ckeditor-dev/blob/4.3.3/core/htmldataprocessor.js#L891, because excluding their content from https://github.com/ckeditor/ckeditor-dev/blob/4.3.3/core/htmldataprocessor.js#L867 seems to be hard.

PS. This is another argument for stopping using in-browser HTML normalization. If we used only parser it would be easier.

comment:8 Changed 3 years ago by Reinmar

I closed #7826 as a DUP of this issue, because it has the same nature and need the same fix - we cannot protect source in <textarea> because we lose comments inside it.

comment:11 Changed 3 years ago by m.lewandowski

comment:12 Changed 3 years ago by Reinmar

  • Milestone changed from CKEditor 4.3.4 to CKEditor 4.4.1

comment:13 Changed 3 years ago by m.lewandowski

  • Owner set to m.lewandowski
  • Status changed from confirmed to assigned

comment:14 Changed 3 years ago by m.lewandowski

  • Status changed from assigned to review

Pushed to t/11223 at dev and t/11223 at tests.

comment:15 Changed 3 years ago by Reinmar

  • Status changed from review to review_passed

I rebased both branches and pushed additional commits to both of them. That were only some simplifications.

This patch fixes also a part of #11442.

Last edited 3 years ago by Reinmar (previous) (diff)

comment:16 Changed 3 years ago by m.lewandowski

  • Resolution set to fixed
  • Status changed from review_passed to closed

Fixed with git:90da227a39 (merged to master) at dev and 21063c530f (merged to master) at tests.

Note: See TracTickets for help on using tickets.
© 2003 – 2016 CKSource – Frederico Knabben. All rights reserved. | Terms of use | Privacy policy