Opened 10 years ago

Closed 10 years ago

#11223 closed Bug (fixed)

ProtectedSource not working in the title element

Reported by: Marcus Bointon Owned by: Marek Lewandowski
Priority: Normal Milestone: CKEditor 4.4.1
Component: General Version: 3.1
Keywords: Cc:

Description

This problem is described in this forum post.

With protectedSource set thus:

CKEDITOR.config.protectedSource.push(/\[\[[^\]]*?\]\]/g);

This document:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>[[mytag]]</title>
[[mytag]]
</head>
<body>
[[mytag]]
</body>
</html>

becomes this when loaded into CKEditor:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
	<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
	<title>&lt;!--{cke_protected}%5B%5Bmytag%5D%5D--&gt;</title>
	[[mytag]]
</head>
<body>[[mytag]]</body>
</html>

and it stays that way when the form is submitted. When it's reloaded, it gets encoded a second time, resulting in an ever-growing title tag full of junk.

The forum post describes another problem related to using placeholders, but this bug is really a separate issue.

Attachments (1)

11223.html (2.1 KB) - added by Piotrek Koszuliński 10 years ago.

Download all attachments as: .zip

Change History (15)

comment:1 Changed 10 years ago by Marcus Bointon

I've discovered it's not only on load/save that it re-encodes - just switching between visual and source modes is enough, so if I toggle between the two states, the encoded chunk in the title tag gets bigger and bigger.

comment:2 Changed 10 years ago by Jakub Ś

Status: newpending
Version: 4.3

Unlike #11544 I'm not able to reproduce this one in CKEditor 4.3.2.

We have few cke_protected issues: #7805, #7826, #8129, #8216, #8230, #9205 but this one doesn't look like it. My result was the same as in #11544. @Synchro could you perhaps attach sample page that can be put into samples folder and will show this problem?

comment:3 Changed 10 years ago by Piotrek Koszuliński

Milestone: CKEditor 4.3.4
Status: pendingconfirmed

I confirm this issue... or rather issues. Attachment 11223.html shows many bugs. I've got the same issues on every version since at least 4.0.

Let's give this ticket a try in 4.3.4. It's not acceptable that two core features are so incompatible.

comment:4 Changed 10 years ago by Jakub Ś

Version: 3.1

Thanks for the sample. Seems all issues can be reproduced from CKEditor 3.1. Protected source doesn't get along with Full Page mode.

comment:5 Changed 10 years ago by Piotrek Koszuliński

Summary: protectedSource not working in title elementProtectedSource not working in the title element

Argh... I forgot about the g flag for regexps in 11223.html! :D That's why only the first occurrence has been replaced. I'll reattach fixed 11223.html on which only protected source in a title doesn't work.

Changed 10 years ago by Piotrek Koszuliński

Attachment: 11223.html added

comment:6 Changed 10 years ago by Piotrek Koszuliński

Unfortunately it's the same issue as here: http://dev.ckeditor.com/ticket/11442#comment:6. In short - browsers do not accept comments in the <title> element and comments are used by the protect source feature. Quick test:

document.title = '<!--xxx-->';
document.head.innerHTML;

	<meta charset="utf-8">
	<title>&lt;!--xxx--&gt;</title>

However, we don't have to protect source in the <title>, so the fix seems to be easy.

comment:7 Changed 10 years ago by Piotrek Koszuliński

Additionally, I found out that the same problem with protected source occurs in <iframe> (#11442 again). IMO the easiest solution would be to unprotect source inside <iframe>/<title> tags here: https://github.com/ckeditor/ckeditor-dev/blob/4.3.3/core/htmldataprocessor.js#L891, because excluding their content from https://github.com/ckeditor/ckeditor-dev/blob/4.3.3/core/htmldataprocessor.js#L867 seems to be hard.

PS. This is another argument for stopping using in-browser HTML normalization. If we used only parser it would be easier.

comment:8 Changed 10 years ago by Piotrek Koszuliński

I closed #7826 as a DUP of this issue, because it has the same nature and need the same fix - we cannot protect source in <textarea> because we lose comments inside it.

comment:11 Changed 10 years ago by Marek Lewandowski

comment:12 Changed 10 years ago by Piotrek Koszuliński

Milestone: CKEditor 4.3.4CKEditor 4.4.1

comment:13 Changed 10 years ago by Marek Lewandowski

Owner: set to Marek Lewandowski
Status: confirmedassigned

comment:14 Changed 10 years ago by Marek Lewandowski

Status: assignedreview

Pushed to t/11223 at dev and t/11223 at tests.

comment:15 Changed 10 years ago by Piotrek Koszuliński

Status: reviewreview_passed

I rebased both branches and pushed additional commits to both of them. That were only some simplifications.

This patch fixes also a part of #11442.

Last edited 10 years ago by Piotrek Koszuliński (previous) (diff)

comment:16 Changed 10 years ago by Marek Lewandowski

Resolution: fixed
Status: review_passedclosed

Fixed with git:90da227a39 (merged to master) at dev and 21063c530f (merged to master) at tests.

Note: See TracTickets for help on using tickets.
© 2003 – 2022, CKSource sp. z o.o. sp.k. All rights reserved. | Terms of use | Privacy policy