Ticket #1931 (closed Bug: invalid)

Opened 6 years ago

Last modified 6 years ago

[FF] ProtectedSource config doesn't work properly inside attributes

Reported by: fournaise Owned by:
Priority: Normal Milestone: FCKeditor 2.6.3
Component: General Version: FCKeditor 2.6 Beta
Keywords: Confirmed Cc:

Description (last modified by fredck) (diff)

When using Smarty protection source in FCKEditor 2.6beta :

FCKConfig.ProtectedSource.Add( /<\{[\s\S]*?\}>/g );
FCKConfig.ProcessHTMLEntities	= false ; //true

The following code is broken when swithing between wysiwyg/source edition :

<p><a href="{if $a=1}url1.htm{else}url2.htm{/if}">TEST</a></p>
<p>{if $a=1}url1.htm{else}url2.htm{/if}</p>

become :

<p><a href="%7Bif%20$a=1%7Durl1.htm%7Belse%7Durl2.htm%7B/if%7D">TEST</a></p>
<p>{if $a=1}url1.htm{else}url2.htm{/if}</p>

conclusion: Smarty code is protected only in tag and not in attribute.

Is it a bug ? how to avoid this behavior ?

Change History

comment:1 Changed 6 years ago by fournaise

The problem occurs only with src and href attributes.

comment:2 Changed 6 years ago by fredck

  • Milestone FCKeditor 2.6 deleted
  • Description modified (diff)
  • Summary changed from [2.6beta] ProtectedSource config doesn't work properly with Smarty to ProtectedSource config doesn't work properly inside attributes

comment:3 Changed 6 years ago by w.olchawa

  • Keywords Confirmed Firefox added
  • Version set to FCKeditor 2.6 Beta
  • Summary changed from ProtectedSource config doesn't work properly inside attributes to [FF] ProtectedSource config doesn't work properly inside attributes

Confirmed in Firefox. Works fine with IE. This bug didn't occur in 2.5.1. It only occurs in 2.6 beta and the SVN version.

comment:4 Changed 6 years ago by fournaise

Double quote in protected source is broken:

example:

<a href="{if $a="1"}bla.html{/if}">TEST</a>

become: IE => <a href="{if $a=">TEST</a> FF => <a href="%7Bif%20$a=">TEST</a>

comment:5 Changed 6 years ago by fredck

  • Milestone set to FCKeditor 2.6.1

comment:6 Changed 6 years ago by w.olchawa

  • Status changed from new to closed
  • Resolution set to worksforme

I've reviewed the bug with stable 2.6 and the latest SVN version and it didn't occur to me. I assume that it was fixed by another patch.

comment:7 Changed 6 years ago by fournaise

  • Status changed from closed to reopened
  • Resolution worksforme deleted

Hi, the problem is not solved in the latest snapshot 29/04/08; Please check my test page : http://frederic.fournaise.free.fr/fckeditor/

frederic

comment:8 Changed 6 years ago by w.olchawa

  • Keywords Pending WorksForMe added; Confirmed Firefox removed

I've copied your configuration file from the sample page you have provided and applied it to my local version and the bug still didn't occur to me both on IE and FF2 using FCKeditor 2.6 and the latest SVN version.

comment:9 Changed 6 years ago by alfonsoml

That demo page is wrong. it's pointing to a bad location for the config.js file and it gets a 404 error.

When some source is protected you can't see it all, so the first line in the editor shows that it isn't being applied.

comment:10 Changed 6 years ago by martinkou

I've done some tests with the SVN trunk with IE, FF and Safari, and it seems to be ok.

I guess the bug reporter had some old .js files cached in his browser?

comment:11 Changed 6 years ago by fournaise

Hello, I have updated my page with the latest revision in trunk. Please check my problem with special chars in protected source zone : http://frederic.fournaise.free.fr/fckeditor/

comment:12 Changed 6 years ago by martinkou

Confirmed the bug, but your case is a problematic one - symbols like &, < and > are disallowed in XHTML element attributes and so from the standpoint of an HTML editor FCKeditor is actually doing the right thing by converting your symbols to &amp;, &lt; and &gt;. Maybe we could add a configuration directive to override that behavior for Smarty users.

comment:13 Changed 6 years ago by martinkou

  • Keywords Confirmed added; Pending WorksForMe removed

comment:14 Changed 6 years ago by martinkou

  • Status changed from reopened to closed
  • Resolution set to invalid

Sorry we won't be really "fixing" this in our next release as a fix for it would mean we're allowing invalid HTML to be written in FCKeditor. The code snippet you gave in your example is seriously broken if it is parsed without a Smarty parser:

Go to this address <a href="{if ($a>0 && $b=="test"}go.html{else}error.html{/if})">my address</a>

Even ignoring the > and & signs in the attribute values, the placements of the double quotes themselves are already turning the <a href="..."> tag into something totally incomprehensible to any HTML or XML parser.

However, you can fix the problem for yourself by adding a ProtectedSource entry in fckconfig.js:

FCKConfig.ProtectedSource.Add( /{.*?}/g ) ;
Note: See TracTickets for help on using tickets.
© 2003 – 2012 CKSource – Frederico Knabben. All rights reserved. | Terms of use | Privacy policy