Opened 6 years ago

Closed 6 years ago

#7243 closed Bug (fixed)

Inline Javascript using SRC in the script becomes corrupt on edit

Reported by: Spruz Owned by: Saare
Priority: Normal Milestone: CKEditor 3.6.2
Component: Core : Parser Version: 3.5.2
Keywords: Cc:


This can be reproduced by adding an onmousover (or other inline script) with this content: this.src = 'URL';

If the content is edited after the first save, the editor inserts " data-cke-saved-src='URL'" between "this." and "src" in the code.

This breaks the script, and if edited repeatedly, more and more of these strings are inserted into the code.

Attachments (1)

7243.patch (2.2 KB) - added by Saare 6 years ago.

Download all attachments as: .zip

Change History (9)

comment:1 Changed 6 years ago by krst

  • Component changed from General to Core : Parser
  • Keywords javascript src data-cke-saved-src removed
  • Status changed from new to pending

Please add info:

  • browser and OS used
  • more complete sample code, so we could easily reproduce this issue.

comment:2 Changed 6 years ago by Spruz

This issue seems to happen in all browsers. The browser that I have personally tested this in and seen the issue are: Chrome 9, Firefox 3.6, IE9 RC, IE 7, IE 8.

Here is HTML to test with:

	<img _cke_saved_src="" alt="" onclick="this.src='';" src="" style="width: 360px; height: 327px;" /></p>

Use that as your existing code; when the editor loads it changes it to this broken code:

	<img _cke_saved_src="" alt="" onclick="this. data-cke-saved-src='' src='';" src="" style="width: 360px; height: 327px" /></p>

Notice the extra data-cke-saved- and the extra image url in single quotes. It seems to be a placeholder, however this is also the same code that is submitted and saved when using submitting the form.

comment:3 Changed 6 years ago by wwalc

  • Status changed from pending to confirmed

Related forum topic:

Steps to reproduce

  1. Load the following in source mode:
    <p><img onmouseout="this.src='out.png'" onmouseover="this.src='over.png'" src="image.png"></p>
  2. Switch to wysiwyg mode and back
  3. Result:
    <p><img onmouseout="this. data-cke-saved-src='out.png' src='out.png'" onmouseover="this. data-cke-saved-src='over.png' src='over.png'" src="image.png" /></p>

comment:4 Changed 6 years ago by wwalc

  • Milestone set to CKEditor 3.6.2

Issues causing that source code is destroyed should always have higher priority, so targeting it into 3.6.2.

Changed 6 years ago by Saare

comment:5 Changed 6 years ago by Saare

  • Owner set to Saare
  • Status changed from confirmed to review

The best way to fix this is probably to simply skip the inline event handlers.

comment:6 Changed 6 years ago by Saare

TC added with [7172].

comment:7 Changed 6 years ago by fredck

  • Status changed from review to review_passed

As for tests, it would be nice to have a proper tt for it, instead of a dt only.

comment:8 Changed 6 years ago by Saare

  • Resolution set to fixed
  • Status changed from review_passed to closed

TT added, run or view source.
Fixed with [7208].

Note: See TracTickets for help on using tickets.
© 2003 – 2016 CKSource – Frederico Knabben. All rights reserved. | Terms of use | Privacy policy