[FF] ProtectedSource config doesn't work properly inside attributes

[fournaise]

When using Smarty protection source in FCKEditor 2.6beta :

FCKConfig.ProtectedSource.Add( /<\{[\s\S]*?\}>/g );
FCKConfig.ProcessHTMLEntities	= false ; //true

The following code is broken when swithing between wysiwyg/source edition :

<p><a href="{if $a=1}url1.htm{else}url2.htm{/if}">TEST</a></p>
<p>{if $a=1}url1.htm{else}url2.htm{/if}</p>

become :

<p><a href="%7Bif%20$a=1%7Durl1.htm%7Belse%7Durl2.htm%7B/if%7D">TEST</a></p>
<p>{if $a=1}url1.htm{else}url2.htm{/if}</p>

conclusion: Smarty code is protected only in tag and not in attribute.

Is it a bug ? how to avoid this behavior ?

[fournaise]

The problem occurs only with src and href attributes.

[Wojciech Olchawa]

Confirmed in Firefox. Works fine with IE. This bug didn't occur in 2.5.1. It only occurs in 2.6 beta and the SVN version.

[fournaise]

Double quote in protected source is broken:

example:

<a href="{if $a="1"}bla.html{/if}">TEST</a>

become: IE => <a href="{if $a=">TEST</a> FF => <a href="%7Bif%20$a=">TEST</a>

[Wojciech Olchawa]

I've reviewed the bug with stable 2.6 and the latest SVN version and it didn't occur to me. I assume that it was fixed by another patch.

[fournaise]

Hi, the problem is not solved in the latest snapshot 29/04/08; Please check my test page : ​http://frederic.fournaise.free.fr/fckeditor/

frederic

[Wojciech Olchawa]

I've copied your configuration file from the sample page you have provided and applied it to my local version and the bug still didn't occur to me both on IE and FF2 using FCKeditor 2.6 and the latest SVN version.

[Alfonso Martínez de Lizarrondo]

That demo page is wrong. it's pointing to a bad location for the config.js file and it gets a 404 error.

When some source is protected you can't see it all, so the first line in the editor shows that it isn't being applied.

[Martin Kou]

I've done some tests with the SVN trunk with IE, FF and Safari, and it seems to be ok.

I guess the bug reporter had some old .js files cached in his browser?

[fournaise]

Hello, I have updated my page with the latest revision in trunk. Please check my problem with special chars in protected source zone : ​http://frederic.fournaise.free.fr/fckeditor/

[Martin Kou]

Confirmed the bug, but your case is a problematic one - symbols like &, < and > are disallowed in XHTML element attributes and so from the standpoint of an HTML editor FCKeditor is actually doing the right thing by converting your symbols to &amp;, &lt; and &gt;. Maybe we could add a configuration directive to override that behavior for Smarty users.

[Martin Kou]

Sorry we won't be really "fixing" this in our next release as a fix for it would mean we're allowing invalid HTML to be written in FCKeditor. The code snippet you gave in your example is seriously broken if it is parsed without a Smarty parser:

Go to this address <a href="{if ($a>0 && $b=="test"}go.html{else}error.html{/if})">my address</a>

Even ignoring the > and & signs in the attribute values, the placements of the double quotes themselves are already turning the <a href="..."> tag into something totally incomprehensible to any HTML or XML parser.

However, you can fix the problem for yourself by adding a ProtectedSource entry in fckconfig.js:

FCKConfig.ProtectedSource.Add( /{.*?}/g ) ;