We are migrating CKEditor issue tracking to GitHub. Please, use GitHub to report any new issues.

The former tracking system (this website) will still be available in the read-only mode. All issues reported in the past will still be available publicly and can be referenced.

Important: we decided not to transfer all the tickets to GitHub, as many of them are not reproducible anymore or simply no longer requested by the community.
If the issue you are interested in, can be still reproduced in the latest version of CKEditor, feel free to report it again on GitHub.
At the same time please note that issues reported on this website are still taken into consideration when picking up candidates for next milestones.

To report a new issue, go to https://github.com/ckeditor/ckeditor-dev/issues and follow the instructions in the issue template.

Context Navigation

Back to Ticket #8630

Ticket #8630: 8630_2.patch

File 8630_2.patch, 877 bytes (added by Alfonso Martínez de Lizarrondo, 12 years ago)
Simple replacement patch

_source/plugins/htmldataprocessor/plugin.js

                         // Call the browser to help us fixing a possibly invalid HTML
                         // structure.
                         var div = new CKEDITOR.dom.element( 'div' );
+                        // Prevent execution of event handlers in the div (#8630)
+                        data = data.replace( /\bon/g, ' data-ckeoff' );
                         // Add fake character to workaround IE comments bug. (#3801)
                         div.setHtml( 'a' + data );
                         data = div.getHtml().substr( 1 );
+                        // Restore event handlers (#8630)
+                        data = data.replace( / data-ckeoff/g, ' on' );
                         // Unprotect "some" of the protected elements at this point.
                         data = unprotectElementNames( data );

Download in other formats:

Original Format