Opened 16 years ago

Last modified 16 years ago

#1908 closed Bug

HtmlEncodeOutput unescapes incorrectly on some strings — at Initial Version

Reported by: Aaron Owned by:
Priority: Normal Milestone: FCKeditor 2.6.1
Component: Server : ASP.Net Version: SVN (FCKeditor) - Retired
Keywords: HasPatch Review+ Cc:

Description

In FCKeditor.LoadPostData() the code that handles reverting the HtmlEncodeOutput changes does not work properly for strings that contain "&amp;lt;" or "&amp;gt;". The current code replaces '&amp;' before '&lt;' and '&gt;' which causes the strings mentioned to be converted to '<' and '>' respectively. What should happen is that the '&amp;' replacement should happen after the '&lt;' and '&gt;' replacement. This allows the strings to be converted to '&lt;' and '&gt;' which I believe is the proper decoding.

Here is a patch that fixes this problem. Index: FCKeditor.cs =================================================================== --- FCKeditor.cs (revision 1585) +++ FCKeditor.cs (working copy) @@ -456,9 +456,9 @@

Revert the HtmlEncodeOutput changes. if ( this.ConfigHtmlEncodeOutput? != "false" ) {

  • postedValue = postedValue.Replace( "&amp;", "&" ) ;

postedValue = postedValue.Replace( "&lt;", "<" ) ; postedValue = postedValue.Replace( "&gt;", ">" ) ;

+ postedValue = postedValue.Replace("&amp;", "&");

}

if ( postedValue != this.Value )

Change History (0)

Note: See TracTickets for help on using tickets.
© 2003 – 2022, CKSource sp. z o.o. sp.k. All rights reserved. | Terms of use | Privacy policy