Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#4708 closed New Feature (fixed)

Missing configuration from pre-3.0: HtmlEncodeOutput

Reported by: jensenbox
Owned by: garry.yao
Priority: Normal
Milestone: CKEditor 3.1
Component: Core : Output Data
Version: SVN (CKEditor) - OLD
Keywords: Confirmed Review+
Cc: christian@…

Description

It would appear that the 3.0.1 build does not contain a very important configuration for ASP.NET (and ASP.NET MVC) - the ability to encode the HTML prior to the form submission.

ASP.NET balks at any content being submitted that contains a < and a > with the message "A potentially dangerous Request.Form value was detected from the client".

This functionality was added in #1266 in a prior release.

It is possible to circumvent the issue by setting "ValidateInput=false"; however, this is set either at the page level or the method level. Ideally this would be as granular as the field in question, but those facilities do not exist at this time.

The ideal situation would be to have CKEditor pre-encode the content before submission to the server.

Workarounds available:

Attachments (1)

4708.patch (1.3 KB) - added by garry.yao 7 years ago.

Change History (6)

comment:1 Changed 7 years ago by fredck

  • Keywords Confirmed added
  • Milestone set to CKEditor 3.1
  • Type changed from Bug to New Feature

Changed 7 years ago by garry.yao

comment:2 Changed 7 years ago by garry.yao

  • Keywords Review? added
  • Owner set to garry.yao
  • Status changed from new to assigned

Ticket test added at: http://ckeditor.t/tt/4708/1.html.

comment:3 Changed 7 years ago by fredck

  • Keywords Review+ added; Review? removed

Please transform the new htmlEncodeOutput setting into a documentation-only thing when committing.

comment:4 Changed 7 years ago by garry.yao

  • Resolution set to fixed
  • Status changed from assigned to closed

Fixed with [4586] and [4587] at 3.1.x branch.

comment:5 Changed 7 years ago by alfonsoml

An additional comment:

I think that this setting was the cause of previous bug reports (in ASP.NET environments, that's the clue) where, when pressing the back button of the browser, FCKeditor showed the HTML code in design mode.

My thought about this problem is that the browser was reloading the latest value of the textarea, and that was the HTML-encoded value, so this configuration should be paired with the requirement that the original input is also HTML-encoded (which should be easy to handle if the ASP.NET server-side integration was provided, but it seems that it still isn't ready and people are doing it in their own way).

Just some thoughts...
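
The encode/decode round trip discussed in this ticket, as an added example that is not part of the ticket and not CKEditor's own code. The helper names, the sample markup and the simplified angle-bracket check are assumptions made for illustration.

```javascript
// Added example with hypothetical helper names; not CKEditor's implementation.

// Encode editor HTML so the posted form field carries no raw < or >.
// '&' is replaced first; otherwise the '&' of a fresh '&lt;' would be re-encoded.
function encodeOutput(html) {
  return html
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Reverse of encodeOutput. '&amp;' is decoded last so that text the author
// typed as "&lt;" (posted as "&amp;lt;") comes back as "&lt;", not as "<".
function decodeInput(encoded) {
  return encoded
    .replace(/&lt;/g, '<')
    .replace(/&gt;/g, '>')
    .replace(/&amp;/g, '&');
}

// Simplified stand-in for the condition the ticket describes (a value that
// contains both < and >); it does not reproduce ASP.NET's actual validation.
function containsAngleBrackets(value) {
  return value.includes('<') && value.includes('>');
}

// What the editor receives from the textarea. If the textarea holds an encoded
// value (for example one restored by the browser) and the page treats it as
// raw HTML, the markup reaches design mode as literal text.
function loadForEditing(textareaValue, inputIsEncoded) {
  return inputIsEncoded ? decodeInput(textareaValue) : textareaValue;
}

// Constructed sample: markup containing an entity the author typed.
const original = '<p>a &lt; b</p>';
const posted = encodeOutput(original);

console.log(posted);                          // encoded field value
console.log(containsAngleBrackets(original)); // raw markup trips the check
console.log(containsAngleBrackets(posted));   // encoded value does not
console.log(loadForEditing(posted, false));   // encoded text shown as-is
console.log(loadForEditing(posted, true));    // original markup restored
```

Once the server decodes the field, the value is ordinary untrusted HTML again, because the encoding only changes how it travels in the form post.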
