Opened 5 years ago

Closed 4 years ago

#12611 closed Bug (duplicate)

Table plugin allows deleting a table that belongs to protected widget code

Reported by: jhub Owned by:
Priority: Normal Milestone:
Component: UI : Widgets Version: 4.4.5
Keywords: Cc:

Description

Similar to #11252, but related to tables, not to divs:

Test with a CKEditor that has the widget and table plugins.

Create a widget where the outermost widget element is not a div (like in the simplebox sample) but is instead a table.

For simplicity, this table has a single nested tr and td and in this td there is a div which is the single "editable" of the widget.

Create this widget in the editor and type some text into the editable.

Then right-click this text: The context menu contains menu items for "Delete Table" and "Table Properties", even though you never added a table inside of the editable part of the widget. The table that is referenced by these menu items is the outer widget table, i.e. the table that belongs to the protected widget structure.

Consequently, you can for example select "Delete Table" and this deletes the table from the widget, thus destroying the widget.
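The behaviour described above comes down to an ancestor lookup that walks past the widget's nested-editable boundary. The following sketch is an added example, not part of the original ticket and not CKEditor's code. Plain objects stand in for DOM elements, the helper names are hypothetical, and the `data-cke-widget-editable` marker is assumed to be the attribute CKEditor 4 puts on nested editables.

```javascript
// Constructed model: each node has a tag name, attributes and a parent.
const EDITABLE_ATTR = 'data-cke-widget-editable'; // assumed CKEditor 4 marker

function node(name, parent, attrs) {
  return { name, parent: parent || null, attrs: attrs || {} };
}

// Naive lookup: nearest <table> ancestor, ignoring widget boundaries.
// This is the behaviour the ticket describes for the context menu.
function nearestTable(start) {
  for (let n = start; n; n = n.parent) {
    if (n.name === 'table') return n;
  }
  return null;
}

// Boundary-aware lookup: stop as soon as the walk reaches a nested editable,
// so tables that are part of the protected widget structure are never returned.
function nearestUserTable(start) {
  for (let n = start; n; n = n.parent) {
    if (n.attrs[EDITABLE_ATTR]) return null; // everything above is widget structure
    if (n.name === 'table') return n;
  }
  return null;
}

// Case 1 (the ticket): widget table > tr > td > div[editable] > p
function buildTicketCase() {
  const widgetTable = node('table', null, { 'data-widget': 'tablebox' });
  const td = node('td', node('tr', widgetTable));
  const editable = node('div', td, { [EDITABLE_ATTR]: 'content' });
  return { widgetTable, caret: node('p', editable) };
}

// Case 2: the user inserted a table inside the editable; it must stay reachable.
function buildUserTableCase() {
  const widgetTable = node('table', null, { 'data-widget': 'tablebox' });
  const editable = node('div', node('td', node('tr', widgetTable)),
                        { [EDITABLE_ATTR]: 'content' });
  const userTable = node('table', editable);
  return { userTable, caret: node('p', node('td', node('tr', userTable))) };
}
```
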

Change History (1)

comment:1 Changed 4 years ago by Marek Lewandowski

Resolution: duplicate
Status: new → closed

Dup of #11252.
