Opened 8 years ago

Last modified 8 years ago

#14533 confirmed Bug

Selectors passed to CKEDITOR.dom.element.prototype.find are not properly escaped

Reported by: Tomasz Jakut
Owned by:
Priority: Normal
Milestone:
Component: General
Version: 4.5.0
Keywords:
Cc:


Steps to reproduce

  1. Open
  2. Click the button located under the editor.

Expected result

The alert with Test is shown.

Actual result

The alert with Error is thrown is shown.

Other details (browser, OS, CKEditor version, installed plugins)

The problem is located inside the getContextualizedSelector function inside the core/dom/element.js file. It escapes only the id of the element. The proposed fix could split the selector on all special chars likely to appear in a CSS selector and escape them separately:

Blocked on #14451 (as it introduces method).
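
The idea described in the ticket, sketched as an added example that is not CKEditor's code and not the reporter's patch: treat the structural characters of a selector as separators and escape each name between them as a CSS identifier. The function names escapeIdent, escapeSelector and contextualize are hypothetical, and the input is assumed to be raw (not already escaped) and limited to type, #id and .class selectors joined by combinators and commas.

```javascript
// Added example (not CKEditor code). Assumes raw, unescaped input made only of
// type, #id and .class selectors joined by combinators and commas; attribute
// selectors, pseudo-classes and quoted strings are out of scope.

// Escape one identifier following the CSSOM "serialize an identifier" rules.
function escapeIdent(ident) {
  let out = '';
  for (let i = 0; i < ident.length; i++) {
    const ch = ident[i];
    const code = ident.charCodeAt(i);
    const isDigit = code >= 0x30 && code <= 0x39;
    const leading = i === 0 || (i === 1 && ident[0] === '-');
    if (code === 0) {
      out += '\uFFFD';
    } else if (code < 0x20 || code === 0x7f || (isDigit && leading)) {
      out += '\\' + code.toString(16) + ' '; // code point escape: "1" -> "\31 "
    } else if (ch === '-' && ident.length === 1) {
      out += '\\-';
    } else if (code >= 0x80 || /[-_0-9A-Za-z]/.test(ch)) {
      out += ch;
    } else {
      out += '\\' + ch; // any other ASCII punctuation
    }
  }
  return out;
}

// Treat # . whitespace > + ~ and , as structure; escape each name between them.
function escapeSelector(selector) {
  return selector.replace(/([#.])([^\s#.>+~,]+)/g,
    (match, sigil, name) => sigil + escapeIdent(name));
}

// Hypothetical stand-in for a contextualizing helper: scope every
// comma-separated part of the selector under the element's escaped id.
function contextualize(elementId, selector) {
  const scope = '#' + escapeIdent(elementId) + ' ';
  return selector.split(/\s*,\s*/)
    .map((part) => scope + escapeSelector(part))
    .join(', ');
}

// Constructed sample input: an id starting with a digit and a class with "@".
console.log(contextualize('cke_1', '#1st, .item@2 > p'));
```

Because "." and "#" are always read as structure here, a caller whose id or class name itself contains one of those characters still has to escape it before passing the selector in.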

Change History (1)

comment:1 Changed 8 years ago by Tomasz Jakut

Status: new → confirmed