Opened 9 years ago

Closed 9 years ago

Last modified 8 years ago

#2608 closed Bug (fixed)

Removing carriage return invalidates JavaScript

Reported by: dreamage Owned by: mosipov
Priority: Normal Milestone: FCKeditor.Java 2.4.2
Component: Server : Java Version: FCKeditor.Java 2.4
Keywords: Confirmed Cc:

Description (last modified by mosipov)

The following line in FCKEditor.java

String encodedValue = escapeXml(value.replaceAll("((\r?\n)+|\t*)", ""));

remove carriage return, but this can destroy Javascript code entered in FCK if the Javascript use line comments.

For example

a comment here

var i = 2;

  • becomes -

a comment var i = 2;

so no more variable declaration.

I don't know what can be done for fix that. Leaving the carriage return in the value attribute of the hidden field seems to be working in IE7 and FF3, but I don't think this is valid XHTML.

Attachments (1)

FCKJava.zip (1.9 KB) - added by dreamage 9 years ago.
J2EE test project

Download all attachments as: .zip

Change History (11)

comment:1 Changed 9 years ago by mosipov

Please attach a file you have problems with. I will investigate that!

comment:2 Changed 9 years ago by mosipov

  • Keywords Pending added

comment:3 follow-up: Changed 9 years ago by mosipov

Reporter, are you able to provide a test file? Otherwise this ticket will expire in a couple of days.

Changed 9 years ago by dreamage

J2EE test project

comment:4 in reply to: ↑ 3 Changed 9 years ago by dreamage

I attached a project zip but since the size limit is 256k, I removed FCKEditor files from the project. Just unzip the latest FCKEditor in /src/main/webapp/ and then run the project with maven (mvn jetty:run) and call editor.jsp (http://127.0.0.1:8080/fckjava-test/editor.jsp) to see the bug.

comment:5 Changed 9 years ago by mosipov

dreamage,

I tested your example. It does what you describe but there are some open issues:

  1. I hope you are aware that the editor ignores scripts in the loaded documents. I tried alert("hello"); with no result.
  2. Do you just load html sites with embedded javascript to alter the HTML tags only?

comment:6 follow-up: Changed 9 years ago by dreamage

Not sure I understand what you mean. I'm not loading scripts in the editor to execute them with FCK. I use FCK as a HTML editor for our content management system, and I want my users to be able to enter some scripts in their HTML content and save them. Theses scripts are going to be rendered on their sites using the CMS.

What is the purpose of removing "\n" anyway ? As I understand, it's because the HTML is stored in a INPUT value attribute and it shouldn't contain carriage return ? IE/FF don't complaint about \n in INPUT value ... but I don't think this is valid XHTML. I looked at the PHP implementation and they don't seem to remove carriage return. I don't what could be done to fix this ... is there other ways to feed FCK with html code beside the INPUT tag ?

Thanks

comment:7 in reply to: ↑ 6 Changed 9 years ago by mosipov

  • Keywords Confirmed added; Pending removed
  • Milestone set to FCKeditor.Java 2.5
  • Owner set to mosipov
  • Status changed from new to assigned

Replying to dreamage:

Not sure I understand what you mean. I'm not loading scripts in the editor to execute them with FCK. I use FCK as a HTML editor for our content management system, and I want my users to be able to enter some scripts in their HTML content and save them. Theses scripts are going to be rendered on their sites using the CMS.

Ok, that's what I though you were doing!

What is the purpose of removing "\n" anyway ? As I understand, it's because the HTML is stored in a INPUT value attribute and it shouldn't contain carriage return ? IE/FF don't complaint about \n in INPUT value ... but I don't think this is valid XHTML. I looked at the PHP implementation and they don't seem to remove carriage return. I don't what could be done to fix this ... is there other ways to feed FCK with html code beside the INPUT tag ?

The simple reason was just to reduce the html input into the editor. The more content you provide, the slower the thing gets.

I will address this in the next release of 2.5 and 2.4-SNAPSHOT. Sorry for the inconvenience.

comment:8 Changed 9 years ago by mosipov

  • Description modified (diff)
  • Resolution set to fixed
  • Status changed from assigned to closed

Fixed against 2.4-SNAPSHOT and 2.5-SNAPSHOT in [2695]

comment:9 Changed 9 years ago by mosipov

and [2696]

comment:10 Changed 8 years ago by mosipov

  • Milestone changed from FCKeditor.Java 2.5 to FCKeditor.Java 2.4.2
  • Summary changed from Removing carriage return invalidate Javascript to Removing carriage return invalidates JavaScript
Note: See TracTickets for help on using tickets.
© 2003 – 2016 CKSource – Frederico Knabben. All rights reserved. | Terms of use | Privacy policy