Opened 7 years ago

Closed 5 years ago

Last modified 5 years ago

#4475 closed Bug (fixed)

Custom protectedSource ruins content

Reported by: WayFarer Owned by: garry.yao
Priority: Normal Milestone: CKEditor 3.5.3
Component: Core : Output Data Version: 3.0
Keywords: Cc: vladimir@…

Description

When using custom protection for {tagname ...} elements (not for smarty here)

config.protectedSource = [/\{.*?\}/gi]; // { } tags.

(one protection pattern only)

editor sometimes selectively ruins {} tags, tested with latest FF and IE7/8
example:

{link page="test"}<p>
This Web site was created with you in mind. In your busy schedule at work or at home, you may not have the time to call, visit or schedule an appointment with us. We realize this and have created this helpful and informative Web site to meet your needs 24 hours a day. Detailed information has been provided regarding our <a href="{link page="services"}" target="_top">services</a>, <a href="{link page="merchandise"}" target="_top">merchandise</a>&nbsp;and&nbsp;<a href="{link page="prices"}">prices</a>, our <a href="{link page="grief-resources"}" target="_top">grief resources</a>, <a href="{link page="when-death-occurs"}">what to do when death occurs</a> and information on various other topics. 
{link page="test"}

become

{link page="test"}
<p>
	This Web site was created with you in mind. In your busy schedule at work or at home, you may not have the time to call, visit or schedule an appointment with us. We realize this and have created this helpful and informative Web site to meet your needs 24 hours a day. Detailed information has been provided regarding our <a href="&lt;!--{cke_protected}%7Blink%20page%3D%22services%22%7D--&gt;" target="_top">services</a>, <a href="&lt;!--{cke_protected}%7Blink%20page%3D%22merchandise%22%7D--&gt;" target="_top">merchandise</a>&nbsp;and&nbsp;<a href="&lt;!--{cke_protected}%7Blink%20page%3D%22prices%22%7D--&gt;">prices</a>, our <a href="&lt;!--{cke_protected}%7Blink%20page%3D%22grief-resources%22%7D--&gt;" target="_top">grief resources</a>, <a href="&lt;!--{cke_protected}%7Blink%20page%3D%22when-death-occurs%22%7D--&gt;">what to do when death occurs</a> and information on various other topics. {link page="test"}</p>

Please note, that not all {} tags ruined.

Attachments (2)

4475.patch (2.1 KB) - added by alfonsoml 6 years ago.
Proposed patch
4475_2.patch (3.8 KB) - added by garry.yao 5 years ago.

Download all attachments as: .zip

Change History (21)

comment:1 follow-up: Changed 7 years ago by garry.yao

  • Component changed from General to Core : Output Data
  • Keywords Pending added; protectedSource removed

Works for me, could you try to provide a sample page for reproducing? Note: protected source function doesn't support attribute value protection.

comment:2 in reply to: ↑ 1 ; follow-up: Changed 7 years ago by WayFarer

  • Cc vladimir@… added

Replying to garry.yao:

Works for me, could you try to provide a sample page for reproducing? Note: protected source function doesn't support attribute value protection.

The shortest example which doesn't work for me is:

<a href="{link page="services"}">link text</a>

Paste it in HTML mode. It ruins protected tags inside attribute href. Content become the following after switching from HTML to WYSIWYG:

<p>
	<a href="&lt;!--{cke_protected}%7Blink%20page%3D%22services%22%7D--&gt;">link text</a></p>

More times I switching - much garbage it produces... after second switch:

<p>
	<a href="&lt;!--&lt;!--{cke_protected}%7Bcke_protected%7D--&gt;%7Blink%20page%3D%22services%22%7D--&gt;">link text</a></p>

etc...

As I understand if attrubute value protection is not supported - attribute value should stay untouched in WYSIWYG mode. But it became garbaged with {cke_protected} stuff.

It seems like only one way protection routine triggers (protection works), but "unprotection" doesn't catch what have been previously protected. -- Just my thoughts.

comment:3 Changed 7 years ago by fabio.perrella

  • Cc fabio.perrella@… added

I'm having the same problem! Dou you know when it will be corrected?

comment:4 Changed 7 years ago by fabio.perrella

  • Cc fabio.perrella@… removed

comment:5 Changed 7 years ago by WayFarer

  • Milestone set to CKEditor 3.2

comment:6 Changed 7 years ago by alfonsoml

  • Milestone CKEditor 3.2 deleted

comment:7 in reply to: ↑ 2 Changed 7 years ago by ecki

Replying to WayFarer: Using

config.protectedSource.push( /<\?[\s\S]*?\?>/g );   // PHP Code

there is another example which doesn't work:

<a href="<?php print $url; ?>">link text</a>

Paste it in HTML mode, then switch to WYSIWYG and back again into HTML mode. It seems to have to do with php tags inside quotation marks inside tags.

(As a work-around you can use

<?php print '<a href="'.$url.'">link text</a>'; ?>

which is not very comfortable.)

comment:8 follow-up: Changed 6 years ago by alfonsoml

  • Keywords Review? added; Pending removed
  • Owner set to alfonsoml
  • Status changed from new to assigned

The problem is similar to #4880, the protection isn't done in a symmetrical way: first is done using a regexp on a string, but then it's restored while parsing nodes.

The patch fixes both this bug and #4880

Changed 6 years ago by alfonsoml

Proposed patch

comment:9 in reply to: ↑ 8 Changed 6 years ago by reitsma

Replying to alfonsoml: Hello,

this patch works well for our sites, and solves a rather critical problem.

Can this fix be scheduled into the next release?

Happy to help in any way I can!

Regards,

Adam.

comment:10 Changed 6 years ago by wwalc

I'm not sure if #6759 can be marked as duplicate of this ticket (didn't check whether patch attached here fixes issue described there), in any case I haven't seen a bug report regarding attributes.

comment:11 Changed 6 years ago by alfonsoml

yes, comments 2 and 7 state that issue

comment:12 Changed 6 years ago by wwalc

  • Milestone set to CKEditor 3.5.2

(The proposed patch does not solve the problem with editing attributes containing protected source in dialogs - issue reported in #6759)

comment:13 Changed 5 years ago by garry.yao

  • Keywords Discussion added
  • Status changed from review to review_failed

Protect attribute value is an unnecessary feature, instead we should simply leave them intact.

Changed 5 years ago by garry.yao

comment:14 Changed 5 years ago by garry.yao

  • Owner changed from alfonsoml to garry.yao
  • Status changed from review_failed to review

After some investigation as well as a discussion with Wiktor, it looks difficult to have other syntax live peacefully inside attribute value, as browser will likely to touch it a lot, so we can't really offer a DreamWeaver alike feature here, but considering that many existing application out there heavily relies on embedded syntax inside attribute, so we should at least provide the ability to keeping them intact (in source mode).

The patch is enhanced protected source feature that protect into placeholders text like {cke_protected_1}.

comment:15 follow-up: Changed 5 years ago by Saare

  • Status changed from review to review_failed

Real values should be restored in dialogs.

comment:16 in reply to: ↑ 15 Changed 5 years ago by garry.yao

  • Status changed from review_failed to review

Replying to Saare:

Real values should be restored in dialogs.

This's by design, as achieving that requires much complexity when r/w attribute values.

comment:17 Changed 5 years ago by Saare

  • Status changed from review to review_passed

comment:18 Changed 5 years ago by garry.yao

  • Resolution set to fixed
  • Status changed from review_passed to closed

Fixed with [6457].

comment:19 Changed 5 years ago by garry.yao

  • Keywords Discussion removed
Note: See TracTickets for help on using tickets.
© 2003 – 2016 CKSource – Frederico Knabben. All rights reserved. | Terms of use | Privacy policy