Opened 8 years ago

Closed 8 years ago

#14917 closed Bug (wontfix)

"generateToken()": IE11 support + potential bug Safari 5-

Reported by: ARuben Consulting Owned by:
Priority: Normal Milestone:
Component: General Version:
Keywords: Cc:

Description

Hi,

I notice a potential bug in "tools.generateToken()" for Safari 5-:

  • according to "developer.mozilla.org", the typed array 'Uint8Array' is available in Safari 5.1+, and 'window.crypto.getRandomValues' in Safari 3.1+, but the function "tools.generateToken()" creates a 'New Uint8Array' array if 'getRandomValues' exist, assuming that the 2 are available.
  • but according to "caniuse.com", there is no problem because 'getRandomValues' is available since Safari 6+.

I don't have a Safari 3.1 to 5 to test. So I don't confirm the bug.

Solution:

Add the test: " && typeof Uint8Array !== 'undefined' "

Before: 

if ( window.crypto && window.crypto.getRandomValues ) {

After: 

if ( window.crypto && window.crypto.getRandomValues && typeof Uint8Array !== 'undefined' ) {

Enhancement for IE11:

You can also support MS IE11 crypto librairy: msCrypto.

So, before: 

if ( window.crypto && window.crypto.getRandomValues ) {
	randValues = new Uint8Array( length );
	window.crypto.getRandomValues( randValues );
} else {

and after: 

var cryp = window.crypto || window.msCrypto;
if ( cryp && cryp.getRandomValues && typeof Uint8Array !== 'undefined' ) {
	randValues = new Uint8Array( length );
	cryp.getRandomValues( randValues );
} else {

Thanks,

ARuben

Change History (3)

comment:1 Changed 8 years ago by Jakub Ś

Status: newpending
Version: 4.5.11
  1. We don't support Safari 5 anymore.
  2. How can we reproduce this issue in default CKEditor? What are the steps to reproduce this issue with default full package for example?

comment:2 Changed 8 years ago by ARuben Consulting

Hi,

Case Safari 5

Well, if Safari 5 is no more supported, so this potential bug is useless.

Steps to reproduce

  1. Activate the filebrowser plugin (only config is need, it's not necessary to have the target php files on the server)
  2. Open an editor with Safari 5.0
  3. Try to upload to the server a file (by exemple, using the image plugin)

Expected result

According to "developer.mozilla.org", step 3 throws a js error because Uint8Array is undefined. But for "caniuse.com", no!

I don't have any Safari to test.

What to do ?

Even if this bug doesn't occur, it's more robust to put in the code " && typeof Uint8Array !== 'undefined' "

As you want.

.

Case IE11

Perhaps it's better to open another ticket in "task" mode?

Thanks,

Ruben

comment:3 Changed 8 years ago by Jakub Ś

Resolution: wontfix
Status: pendingclosed

@ARuben if we don't support Safari 5- anymore, it doesn't make sense to put this code into editor. As for the IE11, please report it as a new feature request (not a new task) with a detailed explanation if possible. Please remember the better description you provide the better the chance issue will be accepted.

I'm closing the ticket for Safari.

Note: See TracTickets for help on using tickets.
© 2003 – 2022, CKSource sp. z o.o. sp.k. All rights reserved. | Terms of use | Privacy policy