Opened 10 years ago
Closed 10 years ago
#12611 closed Bug (duplicate)
Table plugin allows to delete a table that belongs to protected widget code
| Reported by: | jhub | Owned by: | |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | UI : Widgets | Version: | 4.4.5 |
| Keywords: | Cc: |
Description
Similar to #11252, but related to tables, not to divs:
Test with a CKEditor that has the widget and table plugins.
Create a widget where the outermost widget element is not a div (like in the simplebox sample) but is instead a table.
For simplicity, this table has a single nested tr and td and in this td there is a div which is the single "editable" of the widget.
Create this widget in the editor and type some text into the editable.
Then right-click this text: The context menu contains menu items for "Delete Table" and "Table Properties", even though you never added a table inside of the editable part of the widget. The table that is referenced by these menu items is the outer widget table, i.e. the table that belongs to the protected widget structure.
Consequently, you can for example select "Delete Table" and this deletes the table from the widget, thus destroying the widget.
Dup of #11252.