id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc
4683	"CKEDITOR.dom.element attribute containing "" (double quotation mark) breaks basicWriter HTML output"	Peter	Garry Yao	"Example:

{{{
element.setAttribute( 'onclick', 'document.location=""/products/fa-3819"";' );
}}}


Expected HTML output:

{{{
onclick=""document.location="/products/fa-3819";""
}}}


Generated HTML output:

{{{
onclick=""document.location=""/products/fa-3819"";""
}}}
(I use textarea replacement mode in my setup.)[[BR]]
[[BR]]
DOM handling functions like setAttribute/getAttribute are expected to handle values as literals. All the required string processing should be made by the underlying framework.[[BR]]
[[BR]]
I think the problem affects only CKEDITOR.htmlParser.basicWriter. CKEDITOR.dom.element and its setAttribute implementation has nothing to do with the problem.[[BR]]
[[BR]]
See:
/core/htmlparser/basicwriter.js Line 61-64:
		
{{{
		/**
		 * Writes an attribute. This function should be called after opening the
		 * tag with {@link #openTagClose}.
		 * @param {String} attName The attribute name.
		 * @param {String} attValue The attribute value.
		 * @example
		 * // Writes ' class=""MyClass""'.
		 * writer.attribute( 'class', 'MyClass' );
		 */
		attribute : function( attName, attValue )
		{
			this._.output.push( ' ', attName, '=""', attValue, '""' );
		},
}}}

Please add proper escaping for attributes. (CKEDITOR.tools.htmlEncode is not applicable since it leaves double quotes untouched in Firefox)[[BR]]
[[BR]]
[http://www.w3.org/TR/html4/charset.html#h-5.3.2][[BR]]
''""Some authors use the character entity reference """"" to encode instances of the double quote mark ("") since that character may be used to delimit attribute values.""''"	Bug	closed	Normal	CKEditor 3.2	Core : Output Data	SVN (CKEditor) - OLD	fixed	Review+