id,summary,reporter,owner,description,type,status,priority,milestone,component,version,resolution,keywords,cc 4683,"CKEDITOR.dom.element attribute containing "" (double quotation mark) breaks basicWriter HTML output",Peter,Garry Yao,"Example: {{{ element.setAttribute( 'onclick', 'document.location=""/products/fa-3819"";' ); }}} Expected HTML output: {{{ onclick=""document.location="/products/fa-3819";"" }}} Generated HTML output: {{{ onclick=""document.location=""/products/fa-3819"";"" }}} (I use textarea replacement mode in my setup.)[[BR]] [[BR]] DOM handling functions like setAttribute/getAttribute are expected to handle values as literals. All the required string processing should be made by the underlying framework.[[BR]] [[BR]] I think the problem affects only CKEDITOR.htmlParser.basicWriter. CKEDITOR.dom.element and its setAttribute implementation has nothing to do with the problem.[[BR]] [[BR]] See: /core/htmlparser/basicwriter.js Line 61-64: {{{ /** * Writes an attribute. This function should be called after opening the * tag with {@link #openTagClose}. * @param {String} attName The attribute name. * @param {String} attValue The attribute value. * @example * // Writes ' class=""MyClass""'. * writer.attribute( 'class', 'MyClass' ); */ attribute : function( attName, attValue ) { this._.output.push( ' ', attName, '=""', attValue, '""' ); }, }}} Please add proper escaping for attributes. (CKEDITOR.tools.htmlEncode is not applicable since it leaves double quotes untouched in Firefox)[[BR]] [[BR]] [http://www.w3.org/TR/html4/charset.html#h-5.3.2][[BR]] ''""Some authors use the character entity reference """"" to encode instances of the double quote mark ("") since that character may be used to delimit attribute values.""''",Bug,closed,Normal,CKEditor 3.2,Core : Output Data,SVN (CKEditor) - OLD,fixed,Review+,