Opened 3 years ago

Closed 3 years ago

#11811 closed Bug (fixed)

Widget's data are not encoded correctly when passed to attribute

Reported by: Reinmar Owned by: pjasiun
Priority: Normal Milestone: CKEditor 4.4.1
Component: General Version: 4.3
Keywords: Cc:

Description (last modified by Reinmar)

  1. Open codesnippet sample.
  2. Create snippet with <!--Foo--> content.
  3. Copy it.
  4. Paste it.
  5. Results:
    • Chrome: OK.
    • FF, IE: snippet contains: {cke_protected_1}.

That's because FF and IE do not encode "<" in attribute values. Chrome does this automatically.

Change History (13)

comment:1 Changed 3 years ago by Reinmar

  • Description modified (diff)
  • Status changed from new to confirmed

comment:2 Changed 3 years ago by Reinmar

I pushed branch:t/11811 with the simplest solution. Simplest but very locally working, because the real issue is somewhere else. The HTML data processor should not protect comment inside attribute. Unfortunately that may be extremely hard to achieve because of the way how comments protection must work - on HTML string.

Last edited 3 years ago by Reinmar (previous) (diff)

comment:3 Changed 3 years ago by pjasiun

  • Owner set to pjasiun
  • Status changed from confirmed to assigned

This ticket is definitely related to #11777.

comment:4 Changed 3 years ago by Reinmar

This ticket must go before #11777.

comment:5 Changed 3 years ago by pjasiun

  • Status changed from assigned to review

Encoding data-cke-widget-data attribute using encodeURIComponent seems to be the best way to fix this issue. Changes in t/11811b and corresponding test branch.

comment:6 Changed 3 years ago by Reinmar

  • Status changed from review to review_failed
  1. Please merge these tests to widgetapi.html.
  2. Do not create unnecessary editor instances. You can register widgets dynamically, and if they have unique names, there won't be conflicts with other tests.
  3. Correct other widget system tests.

This change revealed a bug in code snippet plugin. I'll create a ticket for it.

comment:7 Changed 3 years ago by Reinmar

Ticket for issue in the code snippet plugin: #11926.

comment:8 Changed 3 years ago by pjasiun

  • Status changed from review_failed to review

I merged tests into widgetapi.html, improved performance and corrected other tests (excluding code snippert tests which will be fixed in #11926). Changes in t/11811b test branch.

comment:9 Changed 3 years ago by Reinmar

  • Status changed from review to review_failed

You should extract a function calling encodeURIComponent(JSON.stringify(obj)) to widget test tools. That pair cannot be repeated in every related test. What if we change the form again?

comment:10 Changed 3 years ago by pjasiun

I changed data2Attr and added getAttrData to widgets tools and used them in tests instead encodeURIComponent and decodeURIComponent so there is a single pair of function for data encoding/decoding. Changes in t/11811b test branch.

comment:11 Changed 3 years ago by pjasiun

  • Status changed from review_failed to review

comment:12 Changed 3 years ago by Reinmar

  • Status changed from review to review_passed

I force pushed rebased branches plus I added one additional commit in tests.

comment:13 Changed 3 years ago by pjasiun

  • Resolution set to fixed
  • Status changed from review_passed to closed
Note: See TracTickets for help on using tickets.
© 2003 – 2017 CKSource – Frederico Knabben. All rights reserved. | Terms of use | Privacy policy