HTMLDataProcessor attribute protection in protectSource method

[Kyle Florence]

The regular expression used for attribute matching is overly aggressive (it matches outside of HTML tags). This was resulting in some of the protection characters making their way to our final output (such as: "{C}" or "{cke_protected_1}").

[Jakub Ś]

This patch seems to fix "{C}" or "{cke_protected_1}". What is more important this patch seems fixes other problems with "{C}", "{cke_protected_1}": #7805, #8216, #7826.

@kflorence could you give us your HTML examples that you had problems with?

[Kyle Florence]

See attached. It was especially apparent in French, since there are a lot of words concatenated with a single quote.

[Jakub Ś]

Thank you for the sample.

[Frederico Caldeira Knabben]

Reduced TC:

1. Paste this on source:

<p>A'B<!-- Comment -->C'D</p>

2. Switch to wysiwyg: BUG: {cke_protected_1} will appear in the comment position.

3. Switch back to source: BUG: {C} will be appended before the comment.

[Chris Smith]

Version 3.6.4: The change is needed in the ckeditor.js file. I found the regex and changed it in this file and the problem was fixed.

[Eric Pascarello]

Is this bug going to be addressed? I am seeing this in the 4.x branch as well.

[Wiktor Walc]

cc

[Piotrek Koszuliński]

Pushed ​branch:t/9205 on dev and tests. I guess that it's still not 100% correct, because it's regexp, but I couldn't find a TC that'd break this.

The patch fixes also #7805 and #8216.

[Piotrek Koszuliński]

TCs for #9205, #7805 and #8216.

[Piotrek Koszuliński]

Fixed on master with ​git:5aba2ea on dev and 87f72be on tests. Patch fixed also #7805 and #8216.

[Piotrek Koszuliński]

DUP reported in #11672.