ProtectedSource not working in the title element

[Marcus Bointon]

This problem is described in ​this forum post.

With protectedSource set thus:

CKEDITOR.config.protectedSource.push(/\[\[[^\]]*?\]\]/g);

This document:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>[[mytag]]</title>
[[mytag]]
</head>
<body>
[[mytag]]
</body>
</html>

becomes this when loaded into CKEditor:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
	<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
	<title>&lt;!--{cke_protected}%5B%5Bmytag%5D%5D--&gt;</title>
	[[mytag]]
</head>
<body>[[mytag]]</body>
</html>

and it stays that way when the form is submitted. When it's reloaded, it gets encoded a second time, resulting in an ever-growing title tag full of junk.

The forum post describes another problem related to using placeholders, but this bug is really a separate issue.

[Marcus Bointon]

I've discovered it's not only on load/save that it re-encodes - just switching between visual and source modes is enough, so if I toggle between the two states, the encoded chunk in the title tag gets bigger and bigger.

[Jakub Ś]

Unlike #11544 I'm not able to reproduce this one in CKEditor 4.3.2.

We have few cke_protected issues: #7805, #7826, #8129, #8216, #8230, #9205 but this one doesn't look like it. My result was the same as in #11544. @Synchro could you perhaps attach sample page that can be put into samples folder and will show this problem?

[Piotrek Koszuliński]

I confirm this issue... or rather issues. Attachment 11223.html​ shows many bugs. I've got the same issues on every version since at least 4.0.

Let's give this ticket a try in 4.3.4. It's not acceptable that two core features are so incompatible.

[Jakub Ś]

Thanks for the sample. Seems all issues can be reproduced from CKEditor 3.1. Protected source doesn't get along with Full Page mode.

[Piotrek Koszuliński]

Argh... I forgot about the g flag for regexps in 11223.html​! :D That's why only the first occurrence has been replaced. I'll reattach fixed 11223.html on which only protected source in a title doesn't work.

[Piotrek Koszuliński]

Unfortunately it's the same issue as here: ​http://dev.ckeditor.com/ticket/11442#comment:6. In short - browsers do not accept comments in the <title> element and comments are used by the protect source feature. Quick test:

document.title = '<!--xxx-->';
document.head.innerHTML;

	<meta charset="utf-8">
	<title>&lt;!--xxx--&gt;</title>

However, we don't have to protect source in the <title>, so the fix seems to be easy.

[Piotrek Koszuliński]

Additionally, I found out that the same problem with protected source occurs in <iframe> (#11442 again). IMO the easiest solution would be to unprotect source inside <iframe>/<title> tags here: ​https://github.com/ckeditor/ckeditor-dev/blob/4.3.3/core/htmldataprocessor.js#L891, because excluding their content from ​https://github.com/ckeditor/ckeditor-dev/blob/4.3.3/core/htmldataprocessor.js#L867 seems to be hard.

PS. This is another argument for stopping using in-browser HTML normalization. If we used only parser it would be easier.

[Piotrek Koszuliński]

I closed #7826 as a DUP of this issue, because it has the same nature and need the same fix - we cannot protect source in <textarea> because we lose comments inside it.

[Marek Lewandowski]

Pushed to ​t/11223 at dev and t/11223 at tests.

[Piotrek Koszuliński]

I rebased both branches and pushed additional commits to both of them. That were only some simplifications.

This patch fixes also a part of #11442.

[Marek Lewandowski]

Fixed with ​git:90da227a39 (merged to master) at dev and 21063c530f (merged to master) at tests.