Opened 15 years ago
Last modified 13 years ago
#4380 new Bug
Listblock: Stylename containing single quote will crash onclick method
| Reported by: | mattis | Owned by: | |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | Core : Styles | Version: | |
| Keywords: | Cc: | antony.chandra@… |
Description
When a style contains a single quote in its title, it will crash the listblock.
Offending code (plugins/listblock/plugin.js):
add : function( value, html, title )
{
var pendingHtml = this._.pendingHtml,
id = 'cke_' + CKEDITOR.tools.getNextNumber();
if ( !this._.started )
{
pendingHtml.push( '<ul class=cke_panel_list>' );
this._.started = 1;
}
this._.items[ value ] = id;
pendingHtml.push(
'<li id=', id, ' class=cke_panel_listItem>' +
'<a _cke_focus=1 hidefocus=true' +
' title="', title || value, '"' +
' href="javascript:void(\'', value, '\')"' +
' onclick="CKEDITOR.tools.callFunction(', this._.getClick(), ',\'', value, '\'); return false;">',
html || value,
'</a>' +
'</li>' );
},
As you can see, 'value' is passed verbatim into the pendingHtml array, which doesn't do anything to escape single quotes.
Change History (2)
comment:1 Changed 15 years ago by
| Component: | General → Core : Styles |
|---|
comment:2 Changed 13 years ago by
| Cc: | antony.chandra@… added |
|---|
Note: See
TracTickets for help on using
tickets.
replacing single quotes to its html entity so the ckeditor function call wont break will fix this issue. see the fix below.
Replying to mattis: