Opened 5 years ago

Last modified 5 years ago

#12353 confirmed Bug

Markup inserted prior to doctype not handled nicely.

Reported by: Marcus Bointon Owned by:
Priority: Normal Milestone:
Component: General Version: 4.0
Keywords: Cc:

Description

Any HTML markup inserted before a doctype or <html> tag is clearly invalid, but the way that CKEditor handles it isn't helpful. Given a doc that starts like this (adapted from your full-page demo page):

<p>hello</p>
<html>
<head>
	<title>CKEditor Full Page Example</title>
</head>
<body>
<h1><img alt="Saturn V carrying Apollo 11" class="right" src="http://c.cksource.com/a/1/img/sample.jpg" /> Apollo 11</h1>
...

It is transformed into this:

<html>
<head>
</head>
<body>
<p>hello</p>
</body>
</html>
<title>CKEditor Full Page Example</title>
<h1><img alt="Saturn V carrying Apollo 11" class="right" src="http://c.cksource.com/a/1/img/sample.jpg" /> Apollo 11</h1>

If you pass this into any HTML sanitisation system (such as htmlpurifier), it will probably strip everything after the closing </html> (trashing nearly all of the document, including all of the original head tag), and renderers may ignore anything after the </html>, though I note that CKEditor does not. I understand the reasoning behind this approach, but it is unlikely that is what the user intended, and it would be better to try something a little more sane first, for example, if there is a <body> tag, move the early markup after that, so the output would become:

<html>
<head>
	<title>CKEditor Full Page Example</title>
</head>
<body>
<p>hello</p>
<h1><img alt="Saturn V carrying Apollo 11" class="right" src="http://c.cksource.com/a/1/img/sample.jpg" /> Apollo 11</h1>
...

If that fails, then fall back to wrapping it in an HTML element. As it stands, moving all the content to after the </html> tag is far more destructive than having content before the <html> tag in the first place!

Change History (1)

comment:1 Changed 5 years ago by Jakub Ś

Status: newconfirmed
Version: 4.4.44.0

This particular problem can be reproduced from CKEditor 4.0.

In CKEditor 4.0 beta code was completely messed up. In CKEditor 3.x result is somewhat different but code is also broken.

Note: See TracTickets for help on using tickets.
© 2003 – 2019 CKSource – Frederico Knabben. All rights reserved. | Terms of use | Privacy policy