Ticket #14451: 14451-2.patch
File 14451-2.patch, 6.5 KB (added by , 8 years ago) |
---|
-
core/dom/element.js
From 3dc10d903e8d706290a6bf9a47f20991eed5edb0 Mon Sep 17 00:00:00 2001 From: Jakub Chalupa <chaluja7@fel.cvut.cz> Date: Fri, 11 Mar 2016 18:26:40 +0100 Subject: [PATCH 1/2] #14451 - Widget crashes if editable region has a numeric ID --- core/dom/element.js | 2 +- tests/plugins/image2/image2.html | 10 ++++++++++ tests/plugins/image2/image2.js | 40 ++++++++++++++++++++++++++++++++++++++++ 3 files changed, 51 insertions(+), 1 deletion(-) diff --git a/core/dom/element.js b/core/dom/element.js index b586b02..4b58d1d 100644
a b CKEDITOR.dom.element.clearMarkers = function( database, element, removeFromDatab 2038 2038 } 2039 2039 2040 2040 function getContextualizedSelector( element, selector ) { 2041 return '#' + element.$.id + ' ' + selector.split( /,\s*/ ).join( ', #' + element.$.id+ ' ' );2041 return '#' + CSS.escape( element.$.id ) + ' ' + selector.split( /,\s*/ ).join( ', #' + CSS.escape( element.$.id ) + ' ' ); 2042 2042 } 2043 2043 2044 2044 var sides = { -
tests/plugins/image2/image2.html
diff --git a/tests/plugins/image2/image2.html b/tests/plugins/image2/image2.html index 0748671..7e218e4 100644
a b 99 99 <figcaption>caption1</figcaption> 100 100 </figure> 101 101 </textarea> 102 103 <!-- numeric widget ID --> 104 105 <textarea id="editor_widget_numeric_id"> 106 <p>x</p> 107 <figure class="image"> 108 <img src="_assets/foo.png" alt="foo" /> 109 <figcaption id="100">caption1</figcaption> 110 </figure> 111 </textarea> 102 112 </body> 113 No newline at end of file -
tests/plugins/image2/image2.js
diff --git a/tests/plugins/image2/image2.js b/tests/plugins/image2/image2.js index dee11b8..83b29a8 100644
a b 405 405 '</figure>' 406 406 } ); 407 407 408 // -- numeric widget ID ------------------------------------------------- 409 410 tools.addTests( tcs, { 411 name: 'widget_numeric_id', 412 widgetName: 'image', 413 extraPlugins: 'image2', 414 extraAllowedContent: 'figcaption[id]', 415 editorConfig: alignClassesEditorConfig, 416 initialInstancesNumber: 1, 417 assertWidgets: function( editor ) { 418 var figcaption = editor.document.getById( '100' ); 419 assert.isNotUndefined( figcaption, 'Figcaption with id 100 should exists' ); 420 assert.isNotNull( figcaption, 'Figcaption with id 100 shoul be non null element' ); 421 422 assertWidgetData( { 423 align: 'none', 424 src: '_assets/foo.png', 425 alt: 'foo', 426 width: '', 427 height: '', 428 hasCaption: true, 429 figcaption: figcaption 430 }, 'caption1' ); 431 }, 432 newData: newDialogData( { 433 align: 'none', 434 src: '_assets/bar.png', 435 alt: 'bar', 436 width: '200', 437 height: '250', 438 hasCaption: true 439 } ), 440 newWidgetPattern: 441 '<figure class="image">' + 442 '<img alt="bar" height="250" src="_assets/bar.png" width="200" />' + 443 '<figcaption>Caption</figcaption>' + 444 '</figure>' 445 446 } ); 447 408 448 bender.test( tcs ); 409 449 410 450 function assertWidgetData( data, caption ) { -
core/dom/element.js
From 0294763ea4e7a3ec2ad555042cc90afc30e7cfe8 Mon Sep 17 00:00:00 2001 From: Jakub Chalupa <chaluja7@fel.cvut.cz> Date: Mon, 14 Mar 2016 23:49:12 +0100 Subject: [PATCH 2/2] #14451 - Widget crashes if editable region has a numeric ID - custom escapeCss function --- core/dom/element.js | 2 +- core/tools.js | 23 +++++++++++++++++++++++ tests/core/tools.js | 42 ++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 66 insertions(+), 1 deletion(-) diff --git a/core/dom/element.js b/core/dom/element.js index 4b58d1d..3c92c21 100644
a b CKEDITOR.dom.element.clearMarkers = function( database, element, removeFromDatab 2038 2038 } 2039 2039 2040 2040 function getContextualizedSelector( element, selector ) { 2041 return '#' + C SS.escape( element.$.id ) + ' ' + selector.split( /,\s*/ ).join( ', #' + CSS.escape( element.$.id ) + ' ' );2041 return '#' + CKEDITOR.tools.escapeCss( element.$.id ) + ' ' + selector.split( /,\s*/ ).join( ', #' + CKEDITOR.tools.escapeCss( element.$.id ) + ' ' ); 2042 2042 } 2043 2043 2044 2044 var sides = { -
core/tools.js
diff --git a/core/tools.js b/core/tools.js index ae5b4d0..bf48e84 100644
a b 1353 1353 } 1354 1354 1355 1355 return token; 1356 }, 1357 1358 /** 1359 * Returns escaped CSS selector. CSS.escape() is used if defined, leading digit is escaped otherwise. 1360 * 1361 * @since 4.5.8 1362 * @param {String} selector 1363 * @returns {String} escaped selector 1364 */ 1365 escapeCss: function( selector ) { 1366 //invalid input 1367 if ( typeof selector === 'undefined' || selector === null || selector.length === 0 ) 1368 return ''; 1369 1370 //CSS.escape() can be used 1371 if ( typeof CSS !== 'undefined' && typeof CSS.escape !== 'undefined' ) 1372 return CSS.escape( selector ); 1373 1374 //simple leading digit escape 1375 if ( !isNaN( parseInt( selector.charAt( 0 ), 10 ) ) ) 1376 return '\\3' + selector.charAt( 0 ) + ' ' + selector.substring( 1, selector.length ); 1377 1378 return selector; 1356 1379 } 1357 1380 }; 1358 1381 -
tests/core/tools.js
diff --git a/tests/core/tools.js b/tests/core/tools.js index 880f241..18422d5 100644
a b 647 647 648 648 // Check if next token will be the same. 649 649 assert.areEqual( token, CKEDITOR.tools.getCsrfToken(), 'getCsrfToken returns token from cookie' ); 650 }, 651 652 'test escapeCss - invalid selector': function() { 653 var selector; 654 var escapedSelector = CKEDITOR.tools.escapeCss( selector ); 655 656 //check undefined selector 657 assert.areSame( escapedSelector, '', 'invalid selector - undefined' ); 658 659 selector = null; 660 escapedSelector = CKEDITOR.tools.escapeCss( selector ); 661 662 //check null selector 663 assert.areSame( escapedSelector, '', 'invalid selector - null' ); 664 665 selector = ''; 666 escapedSelector = CKEDITOR.tools.escapeCss( selector ); 667 668 //check empty selector 669 assert.areSame( escapedSelector, '', 'invalid selector - empty' ); 670 }, 671 672 'test escapeCss - starts-with-number selector': function() { 673 var selector = '100'; 674 var escapedSelector = CKEDITOR.tools.escapeCss( selector ); 675 676 //check starts-with-number selector 677 assert.areSame( escapedSelector, '\\31 00', 'starts-with-number selector' ); 678 679 selector = '0'; 680 escapedSelector = CKEDITOR.tools.escapeCss( selector ); 681 682 //check only-one-number selector 683 assert.areSame( escapedSelector, '\\30 ', 'only-one-number selector' ); 684 }, 685 686 'test escapeCss - standard selector': function() { 687 var selector = 'aaa'; 688 var escapedSelector = CKEDITOR.tools.escapeCss( selector ); 689 690 //check standard selector 691 assert.areSame( escapedSelector, 'aaa', 'starts with number selector' ); 650 692 } 651 693 } ); 652 694 } )();