Opened 10 years ago

Closed 10 years ago

Last modified 10 years ago

#11312 closed Bug (invalid)

CKEditor and {cke_protected} for "<?" string

Reported by: lkopo Owned by:
Priority: Normal Milestone:
Component: Core : Parser Version:
Keywords: Cc:

Description

If I try, to write "<?" code into my CKEditor, it will be transformed into

<p>&lt;? lol</p>

It's OK. But if I submit my form and page is reloaded I will see:

<p><!--? lol</p--></p>

Change History (4)

comment:1 Changed 10 years ago by Piotrek Koszuliński

Keywords: code parsing cke_protected removed
Resolution: invalid
Status: newclosed
Version: 4.3

That's because your page does not encode content when outputting it to textarea.

This will work correctly:

<textarea class="ckeditor">
&lt;p&gt;&amp;lt;? lol&lt;/p&gt;
</textarea>

This will not:

<textarea class="ckeditor">
<p>&lt;? lol</p>
</textarea>

Because when CKEditor tries to read content from the second textarea it gets:

<p><? lol</p>

And that simply isn't correct HTML.

comment:2 Changed 10 years ago by lkopo

But it does automatically. How can I fix that? I have to use htmlspecialchars() ?

Last edited 10 years ago by lkopo (previous) (diff)

comment:3 Changed 10 years ago by Piotrek Koszuliński

Your system has to replace every:

  • < with &lt;
  • & with &amp;
  • > with &gt;

when printing textarea's HTML.

comment:4 Changed 10 years ago by lkopo

But then it will not be a HTML syntax, no? Do you mean to replace it when i am inputing text INTO textarea or when I am outputing text from area?

Version 0, edited 10 years ago by lkopo (next)
Note: See TracTickets for help on using tickets.
© 2003 – 2022, CKSource sp. z o.o. sp.k. All rights reserved. | Terms of use | Privacy policy