Opened 9 years ago
Last modified 9 years ago
#14533 confirmed Bug
Selectors passed to CKEDITOR.dom.element.prototype.find are not properly escaped
Reported by: | Tomasz Jakut | Owned by: | |
---|---|---|---|
Priority: | Normal | Milestone: | |
Component: | General | Version: | 4.5.0 |
Keywords: | | Cc: | |
Description
Steps to reproduce
- Open https://jsfiddle.net/5487w3gc/3/
- Click the button located under the editor.
Expected result
The alert with `Test` is shown.
Actual result
The alert with `Error is thrown` is shown.
Other details (browser, OS, CKEditor version, installed plugins)
The problem is located inside the `getContextualizedSelector` function inside the `core/dom/element.js` file. It escapes only the id of the element. The proposed fix could split the selector on all special chars likely to appear in a CSS selector and escape them separately: https://gist.github.com/Comandeer/de6c832993a8b9c21b01

Blocked on #14451 (as it introduces the `CKEDITOR.tools.escapeCss` method).
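The behaviour described above, as an added example that is neither CKEditor's code nor the linked gist: a simplified model in which only the context element's id is escaped, next to a caller-side escape of the id placed in the selector. The names `escapeCssIdent`, `contextualize` and `idSelector` are hypothetical, and the sample ids are constructed.

```javascript
// Added example: simplified model, not CKEditor source code.
// Escapes one CSS identifier per the CSSOM "serialize an identifier" rules.
function escapeCssIdent(value) {
  const s = String(value);
  let out = '';
  for (let i = 0; i < s.length; i++) {
    const ch = s[i];
    const code = s.charCodeAt(i);
    const isDigit = code >= 0x30 && code <= 0x39;
    const isAlpha = (code >= 0x41 && code <= 0x5a) || (code >= 0x61 && code <= 0x7a);
    if (code === 0) {
      out += '\uFFFD';
    } else if (code <= 0x1f || code === 0x7f || (i === 0 && isDigit) ||
               (i === 1 && isDigit && s[0] === '-')) {
      out += '\\' + code.toString(16) + ' '; // code point escape
    } else if (i === 0 && ch === '-' && s.length === 1) {
      out += '\\-';
    } else if (code >= 0x80 || ch === '-' || ch === '_' || isDigit || isAlpha) {
      out += ch;
    } else {
      out += '\\' + ch; // any other ASCII character
    }
  }
  return out;
}

// Model of the behaviour in the ticket: only the context element's id is
// escaped; the caller's selector is copied through unchanged.
function contextualize(contextId, selector) {
  const prefix = '#' + escapeCssIdent(contextId) + ' ';
  return prefix + selector.split(/,\s*/).join(', ' + prefix);
}

// Caller-side mitigation: escape each raw id before it enters the selector.
function idSelector(rawId) {
  return '#' + escapeCssIdent(rawId);
}

// Constructed sample ids (not taken from the ticket's fiddle).
const contextId = 'ctx:1';
const rawId = '1st.item';

console.log(contextualize(contextId, '#' + rawId));       // raw id passed through
console.log(contextualize(contextId, idSelector(rawId))); // id escaped first
```

In the first output the `#1st.item` part is not the id selector the caller meant: an identifier cannot start with an unescaped digit, and `.item` parses as a class selector.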