Opened 4 years ago

Closed 4 years ago

#11811 closed Bug (fixed)

Widget's data are not encoded correctly when passed to attribute

Reported by: Piotrek Koszuliński Owned by: Piotr Jasiun
Priority: Normal Milestone: CKEditor 4.4.1
Component: General Version: 4.3
Keywords: Cc:

Description (last modified by Piotrek Koszuliński)

  1. Open codesnippet sample.
  2. Create snippet with <!--Foo--> content.
  3. Copy it.
  4. Paste it.
  5. Results:
    • Chrome: OK.
    • FF, IE: snippet contains: {cke_protected_1}.

That's because FF and IE do not encode "<" in attribute values. Chrome does this automatically.

Change History (13)

comment:1 Changed 4 years ago by Piotrek Koszuliński

Description: modified (diff)
Status: newconfirmed

comment:2 Changed 4 years ago by Piotrek Koszuliński

I pushed branch:t/11811 with the simplest solution. Simplest but very locally working, because the real issue is somewhere else. The HTML data processor should not protect comment inside attribute. Unfortunately that may be extremely hard to achieve because of the way how comments protection must work - on HTML string.

Last edited 4 years ago by Piotrek Koszuliński (previous) (diff)

comment:3 Changed 4 years ago by Piotr Jasiun

Owner: set to Piotr Jasiun
Status: confirmedassigned

This ticket is definitely related to #11777.

comment:4 Changed 4 years ago by Piotrek Koszuliński

This ticket must go before #11777.

comment:5 Changed 4 years ago by Piotr Jasiun

Status: assignedreview

Encoding data-cke-widget-data attribute using encodeURIComponent seems to be the best way to fix this issue. Changes in t/11811b and corresponding test branch.

comment:6 Changed 4 years ago by Piotrek Koszuliński

Status: reviewreview_failed
  1. Please merge these tests to widgetapi.html.
  2. Do not create unnecessary editor instances. You can register widgets dynamically, and if they have unique names, there won't be conflicts with other tests.
  3. Correct other widget system tests.

This change revealed a bug in code snippet plugin. I'll create a ticket for it.

comment:7 Changed 4 years ago by Piotrek Koszuliński

Ticket for issue in the code snippet plugin: #11926.

comment:8 Changed 4 years ago by Piotr Jasiun

Status: review_failedreview

I merged tests into widgetapi.html, improved performance and corrected other tests (excluding code snippert tests which will be fixed in #11926). Changes in t/11811b test branch.

comment:9 Changed 4 years ago by Piotrek Koszuliński

Status: reviewreview_failed

You should extract a function calling encodeURIComponent(JSON.stringify(obj)) to widget test tools. That pair cannot be repeated in every related test. What if we change the form again?

comment:10 Changed 4 years ago by Piotr Jasiun

I changed data2Attr and added getAttrData to widgets tools and used them in tests instead encodeURIComponent and decodeURIComponent so there is a single pair of function for data encoding/decoding. Changes in t/11811b test branch.

comment:11 Changed 4 years ago by Piotr Jasiun

Status: review_failedreview

comment:12 Changed 4 years ago by Piotrek Koszuliński

Status: reviewreview_passed

I force pushed rebased branches plus I added one additional commit in tests.

comment:13 Changed 4 years ago by Piotr Jasiun

Resolution: fixed
Status: review_passedclosed
Note: See TracTickets for help on using tickets.
© 2003 – 2017 CKSource – Frederico Knabben. All rights reserved. | Terms of use | Privacy policy