Opened 7 years ago

Closed 7 years ago

#1931 closed Bug (invalid)

[FF] ProtectedSource config doesn't work properly inside attributes

Reported by: fournaise Owned by:
Priority: Normal Milestone: FCKeditor 2.6.3
Component: General Version: FCKeditor 2.6 Beta
Keywords: Confirmed Cc:

Description (last modified by fredck)

When using Smarty protection source in FCKEditor 2.6beta :

FCKConfig.ProtectedSource.Add( /<\{[\s\S]*?\}>/g );
FCKConfig.ProcessHTMLEntities	= false ; //true

The following code is broken when swithing between wysiwyg/source edition :

<p><a href="{if $a=1}url1.htm{else}url2.htm{/if}">TEST</a></p>
<p>{if $a=1}url1.htm{else}url2.htm{/if}</p>

become :

<p><a href="%7Bif%20$a=1%7Durl1.htm%7Belse%7Durl2.htm%7B/if%7D">TEST</a></p>
<p>{if $a=1}url1.htm{else}url2.htm{/if}</p>

conclusion: Smarty code is protected only in tag and not in attribute.

Is it a bug ? how to avoid this behavior ?

Change History (14)

comment:1 Changed 7 years ago by fournaise

The problem occurs only with src and href attributes.

comment:2 Changed 7 years ago by fredck

  • Description modified (diff)
  • Milestone FCKeditor 2.6 deleted
  • Summary changed from [2.6beta] ProtectedSource config doesn't work properly with Smarty to ProtectedSource config doesn't work properly inside attributes

comment:3 Changed 7 years ago by w.olchawa

  • Keywords Confirmed Firefox added
  • Summary changed from ProtectedSource config doesn't work properly inside attributes to [FF] ProtectedSource config doesn't work properly inside attributes
  • Version set to FCKeditor 2.6 Beta

Confirmed in Firefox. Works fine with IE. This bug didn't occur in 2.5.1. It only occurs in 2.6 beta and the SVN version.

comment:4 Changed 7 years ago by fournaise

Double quote in protected source is broken:

example:

<a href="{if $a="1"}bla.html{/if}">TEST</a>

become: IE => <a href="{if $a=">TEST</a> FF => <a href="%7Bif%20$a=">TEST</a>

comment:5 Changed 7 years ago by fredck

  • Milestone set to FCKeditor 2.6.1

comment:6 Changed 7 years ago by w.olchawa

  • Resolution set to worksforme
  • Status changed from new to closed

I've reviewed the bug with stable 2.6 and the latest SVN version and it didn't occur to me. I assume that it was fixed by another patch.

comment:7 Changed 7 years ago by fournaise

  • Resolution worksforme deleted
  • Status changed from closed to reopened

Hi, the problem is not solved in the latest snapshot 29/04/08; Please check my test page : http://frederic.fournaise.free.fr/fckeditor/

frederic

comment:8 Changed 7 years ago by w.olchawa

  • Keywords Pending WorksForMe added; Confirmed Firefox removed

I've copied your configuration file from the sample page you have provided and applied it to my local version and the bug still didn't occur to me both on IE and FF2 using FCKeditor 2.6 and the latest SVN version.

comment:9 Changed 7 years ago by alfonsoml

That demo page is wrong. it's pointing to a bad location for the config.js file and it gets a 404 error.

When some source is protected you can't see it all, so the first line in the editor shows that it isn't being applied.

comment:10 Changed 7 years ago by martinkou

I've done some tests with the SVN trunk with IE, FF and Safari, and it seems to be ok.

I guess the bug reporter had some old .js files cached in his browser?

comment:11 Changed 7 years ago by fournaise

Hello, I have updated my page with the latest revision in trunk. Please check my problem with special chars in protected source zone : http://frederic.fournaise.free.fr/fckeditor/

comment:12 Changed 7 years ago by martinkou

Confirmed the bug, but your case is a problematic one - symbols like &, < and > are disallowed in XHTML element attributes and so from the standpoint of an HTML editor FCKeditor is actually doing the right thing by converting your symbols to &amp;, &lt; and &gt;. Maybe we could add a configuration directive to override that behavior for Smarty users.

comment:13 Changed 7 years ago by martinkou

  • Keywords Confirmed added; Pending WorksForMe removed

comment:14 Changed 7 years ago by martinkou

  • Resolution set to invalid
  • Status changed from reopened to closed

Sorry we won't be really "fixing" this in our next release as a fix for it would mean we're allowing invalid HTML to be written in FCKeditor. The code snippet you gave in your example is seriously broken if it is parsed without a Smarty parser:

Go to this address <a href="{if ($a>0 && $b=="test"}go.html{else}error.html{/if})">my address</a>

Even ignoring the > and & signs in the attribute values, the placements of the double quotes themselves are already turning the <a href="..."> tag into something totally incomprehensible to any HTML or XML parser.

However, you can fix the problem for yourself by adding a ProtectedSource entry in fckconfig.js:

FCKConfig.ProtectedSource.Add( /{.*?}/g ) ;
Note: See TracTickets for help on using tickets.
© 2003 – 2015 CKSource – Frederico Knabben. All rights reserved. | Terms of use | Privacy policy