Ticket #4719: 4719_5.patch
File 4719_5.patch, 2.2 KB (added by , 14 years ago) |
---|
-
_source/core/htmlparser/basicwriter.js
60 60 */ 61 61 attribute : function( attName, attValue ) 62 62 { 63 // Browsers don't always escape quote in attribute values. (#4683) 64 if ( typeof attValue == 'string' ) 65 attValue = attValue.replace( /"/g, '"' ); 63 // Browsers don't always escape special character in attribute values. (#4683, #4719). 64 if ( typeof attValue == 'string' ) { 65 attValue = CKEDITOR.tools.htmlEncodeAttr( attValue ); 66 } 66 67 67 68 this._.output.push( ' ', attName, '="', attValue, '"' ); 68 69 }, -
_source/core/tools.js
321 321 322 322 return this.htmlEncode( text ); 323 323 }, 324 325 /** 326 * Replace special HTML characters in a string with their relative HTML 327 * entity values. 328 * @param {String} text The string to be encoded. 329 * @returns {String} The encode string. 330 * @example 331 * alert( CKEDITOR.tools.htmlEncode( 'A > " < D' ) ); // "A > "e; < D" 332 */ 333 334 htmlEncodeAttr : function( text ) 335 { 336 return text.replace( /"/g, '"' ).replace( /</g, '<' ).replace( />/, '>' ); 337 }, 324 338 325 339 /** 326 340 * Replace characters can't be represented through CSS Selectors string -
_source/plugins/htmlwriter/plugin.js
175 175 if ( typeof attValue == 'string' ) 176 176 { 177 177 this.forceSimpleAmpersand && ( attValue = attValue.replace( /&/g, '&' ) ); 178 // Browsers don't always escape quote in attribute values. (#4683)179 attValue = attValue.replace( /"/g, '"');178 // Browsers don't always escape special character in attribute values. (#4683, #4719). 179 attValue = CKEDITOR.tools.htmlEncodeAttr( attValue ); 180 180 } 181 181 182 182 this._.output.push( ' ', attName, '="', attValue, '"' );