We are migrating CKEditor issue tracking to GitHub. Please, use GitHub to report any new issues.

The former tracking system (this website) will still be available in the read-only mode. All issues reported in the past will still be available publicly and can be referenced.

Important: we decided not to transfer all the tickets to GitHub, as many of them are not reproducible anymore or simply no longer requested by the community.
If the issue you are interested in, can be still reproduced in the latest version of CKEditor, feel free to report it again on GitHub.
At the same time please note that issues reported on this website are still taken into consideration when picking up candidates for next milestones.

To report a new issue, go to https://github.com/ckeditor/ckeditor-dev/issues and follow the instructions in the issue template.

Context Navigation

← Previous Ticket
Next Ticket →

Opened 8 years ago

Last modified 8 years ago

#14533 confirmed Bug

Selectors passed to CKEDITOR.dom.element.prototype.find are not properly escaped

Reported by:	Tomasz Jakut	Owned by:
Priority:	Normal	Milestone:
Component:	General	Version:	4.5.0
Keywords:		Cc:

Description

Steps to reproduce

Open https://jsfiddle.net/5487w3gc/3/
Click the button located under the editor.

Expected result

The alert with Test is shown.

Actual result

The alert with Error is thrown is shown.

Other details (browser, OS, CKEditor version, installed plugins)

The problem is located inside the getContextualizedSelector function inside core/dom/element.js file. It escapes only the id of the element. The proposed fix could split the selector on all special chars likely to appear in a CSS selector and escapes them separately: https://gist.github.com/Comandeer/de6c832993a8b9c21b01

Blocked on #14451 (as it introduces CKEDITOR.tools.escapeCss method).

Change History (1)

comment:1 Changed 8 years ago by Tomasz Jakut

Status:	new → confirmed

Note: See TracTickets for help on using tickets.

Download in other formats: