﻿id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc
9185	Inline javascript strings containing html become corrupt on edit	Paul Aumer-Ryan		"Related to ticket:7243, if my editor content contains protected elements (a, area, img, or input) embedded in a javascript string, ckEditor will try to protect their attributes (href, src, name), even if their quote delimiters are escaped.

For example: ckEditor will change this:
{{{
  var link = ""<a href=\""http://google.com\"">Google</a>"";
}}}
to this:
{{{
  var link = ""<a  data-cke-saved-href=\""http://google.com\"">Google href=\""http://google.com\"">Google</a>"";
}}}

Fix: the protectAttributes() parser (in htmldataprocessor/plugin.js) should ignore attributes with escaped delimiters. More specifically, line 291-292 (v3.6.4) should change from this:
{{{
	var protectElementRegex = /<(a|area|img|input)\b([^>]*)>/gi,
		protectAttributeRegex = /\b(on\w+|href|src|name)\s*=\s*(?:(?:""[^""]*"")|(?:'[^']*')|(?:[^ ""'>]+))/gi;
}}}
to this:
{{{
	var protectElementRegex = /<(a|area|img|input)\b([^>]*)>/gi,
		protectAttributeRegex = /\b(on\w+|href|src|name)\s*=\s*(?:(?:""[^""]*"")|(?:'[^']*')|(?:[^ ""'\\>]+))/gi;
}}}
(I just added an escaped backslash to that last non-capturing group in the regex.)

I have tested this change on the following permutations, and the regex still correctly captures all but the last two links (which should be ignored because they are invalid anyway):
{{{
<a href=""http://google.com"">Google</a>
<a href=http://google.com>Google</a>
<a href= 'http://google.com'>Google</a>
<a href="""">Google</a>
<a href= \\>Google</a>
<a href=\""http://google.com\"">Google</a>
}}}

Thanks guys!"	Bug	closed	Normal		Core : Parser		invalid		Sa'ar Zac Elias
