Opened 11 years ago
Closed 11 years ago
#11811 closed Bug (fixed)
Widget's data are not encoded correctly when passed to attribute
| Reported by: | Piotrek Koszuliński | Owned by: | Piotr Jasiun |
|---|---|---|---|
| Priority: | Normal | Milestone: | CKEditor 4.4.1 |
| Component: | General | Version: | 4.3 |
| Keywords: | Cc: |
Description (last modified by )
- Open codesnippet sample.
- Create snippet with
<!--Foo-->content. - Copy it.
- Paste it.
- Results:
- Chrome: OK.
- FF, IE: snippet contains:
{cke_protected_1}.
That's because FF and IE do not encode "<" in attribute values. Chrome does this automatically.
Change History (13)
comment:1 Changed 11 years ago by
| Description: | modified (diff) |
|---|---|
| Status: | new → confirmed |
comment:3 Changed 11 years ago by
| Owner: | set to Piotr Jasiun |
|---|---|
| Status: | confirmed → assigned |
This ticket is definitely related to #11777.
comment:5 Changed 11 years ago by
| Status: | assigned → review |
|---|
Encoding data-cke-widget-data attribute using encodeURIComponent seems to be the best way to fix this issue. Changes in t/11811b and corresponding test branch.
comment:6 Changed 11 years ago by
| Status: | review → review_failed |
|---|
- Please merge these tests to widgetapi.html.
- Do not create unnecessary editor instances. You can register widgets dynamically, and if they have unique names, there won't be conflicts with other tests.
- Correct other widget system tests.
This change revealed a bug in code snippet plugin. I'll create a ticket for it.
comment:8 Changed 11 years ago by
| Status: | review_failed → review |
|---|
I merged tests into widgetapi.html, improved performance and corrected other tests (excluding code snippert tests which will be fixed in #11926). Changes in t/11811b test branch.
comment:9 Changed 11 years ago by
| Status: | review → review_failed |
|---|
You should extract a function calling encodeURIComponent(JSON.stringify(obj)) to widget test tools. That pair cannot be repeated in every related test. What if we change the form again?
comment:10 Changed 11 years ago by
I changed data2Attr and added getAttrData to widgets tools and used them in tests instead encodeURIComponent and decodeURIComponent so there is a single pair of function for data encoding/decoding. Changes in t/11811b test branch.
comment:11 Changed 11 years ago by
| Status: | review_failed → review |
|---|
comment:12 Changed 11 years ago by
| Status: | review → review_passed |
|---|
I force pushed rebased branches plus I added one additional commit in tests.
comment:13 Changed 11 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | review_passed → closed |
- git:edf271d
- tests:ffc89d0
I pushed branch:t/11811 with the simplest solution. Simplest but very locally working, because the real issue is somewhere else. The HTML data processor should not protect comment inside attribute. Unfortunately that may be extremely hard to achieve because of the way how comments protection must work - on HTML string.