id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc
1908	HtmlEncodeOutput unescapes incorrectly on some strings	Aaron	Alfonso Martínez de Lizarrondo	"In FCKeditor.LoadPostData() the code that handles reverting the HtmlEncodeOutput changes does not work properly for strings that contain ""&amp;lt;"" or ""&amp;gt;"".
The current code replaces '&amp;' before '&lt;' and '&gt;' which causes the strings
mentioned to be converted to '<' and '>' respectively. What should happen is that the '&amp;' replacement should happen after the '&lt;' and '&gt;' replacement. This allows the strings to be converted to '&lt;' and '&gt;' which I believe is the proper decoding.

Here is a patch that fixes this problem.
{{{
Index: FCKeditor.cs
===================================================================
--- FCKeditor.cs        (revision 1585)
+++ FCKeditor.cs        (working copy)
@@ -456,9 +456,9 @@
                        // Revert the HtmlEncodeOutput changes.
                        if ( this.Config[""HtmlEncodeOutput""] != ""false"" )
                        {
-                               postedValue = postedValue.Replace( ""&amp;"", ""&"" ) ;
                                postedValue = postedValue.Replace( ""&lt;"", ""<"" ) ;
                                postedValue = postedValue.Replace( ""&gt;"", "">"" ) ;
+                               postedValue = postedValue.Replace(""&amp;"", ""&"");
                        }

                        if ( postedValue != this.Value )
}}}"	Bug	closed	Normal	FCKeditor 2.6.1	Server : ASP.Net	SVN (FCKeditor) - Retired	fixed	HasPatch Review+