Opened 5 years ago

Closed 5 years ago

#11494 closed Bug (invalid)

Incorrect handling of gt/lt-masked braces at editor load

Reported by: jhacker Owned by:
Priority: Normal Milestone:
Component: General Version:
Keywords: Cc:

Description

Summary: Text from a textarea that is interpreted by CKEditor is removed if it is between an &lt; and &gt;. Instead, the &lt; and &gt; should be interpreted and displayed as < and >.

Setup:

  • CKEditor 4.3.2 Standard package with default configuration
  • Firefox 24.1.0
  • Windows 7

Situation: CKEditor is loaded onto a page that reads a database entry into a textarea. The entries possibly contain some normal HTML tags on purpose. Furthermore, there are some braces in the text, which belong to the text itself and are masked with the corresponding HTML entities lt/gt.

While inserting text, CKEditor masks the braces correctly and writes them to the textarea. Consequently they are written to the database correctly. E.g. the text "select <column> from <table>" is converted to "select &lt;column&gt; from &lt;table&gt;".

However, as soon as the database entry is loaded to be edited, the problem arises that CKEditor detects the text enclosed in the lt/gt-braces inside the textarea and just removes it. E.g. if the text given above is found, CKEditor interprets it as "select from" and just removes &lt;column&gt; and &lt;table&gt;.

Expected behaviour: Text mustn't be removed. Instead, &lt; and &gt; have to be displayed as < and >.

Change History (1)

comment:1 Changed 5 years ago by Piotrek Koszuliński

Resolution: invalid
Status: new → closed
Version: 4.3.2

It's how HTML works. Note that this:

<textarea id="foo">&lt;</textarea>
<script>alert( document.getElementById( 'foo' ).value )</script>

Will alert "<", not "&lt;".

So before setting the content of the textarea in HTML, you need to encode your data, so &lt; becomes &amp;lt;.
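
The round trip described in comment:1, as an added example that is not part of the original ticket and is not CKSource code. The function names are hypothetical, and the two "stand-in" functions are simplified models of browser and editor parsing so the script runs in Node without a DOM.

```javascript
// Added example; the function names are hypothetical, not CKEditor API.

// Server side: escape a stored string before writing it between
// <textarea> and </textarea>. '&' goes first so that the entities
// produced for '<' and '>' are not escaped a second time.
function escapeForTextarea(stored) {
  return stored
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Simplified stand-in for the browser: reading textarea.value yields the
// markup with ONE level of character references decoded.
function browserTextareaValue(markup) {
  const refs = { '&amp;': '&', '&lt;': '<', '&gt;': '>' };
  return markup.replace(/&(?:amp|lt|gt);/g, (ref) => refs[ref]);
}

// Simplified stand-in for an HTML consumer such as an editor: anything
// that parses as a tag is not text, the remaining references are decoded.
function textShownByHtmlConsumer(html) {
  return browserTextareaValue(html.replace(/<[^>]*>/g, ''));
}

// Constructed sample: the database value from the ticket's example.
const stored = 'select &lt;column&gt; from &lt;table&gt;';

function loadIntoEditor(markup) {
  const value = browserTextareaValue(markup);
  return { value, shown: textShownByHtmlConsumer(value) };
}

const raw = loadIntoEditor(stored);                        // as in the report
const escaped = loadIntoEditor(escapeForTextarea(stored)); // as in comment:1

console.log(raw);     // value already contains real '<column>' tags
console.log(escaped); // value equals the stored string again
```

Escaping `<` as well as `&` also means stored text containing `</textarea>` cannot end the element early.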
