Opened 17 years ago
Closed 17 years ago
#1931 closed Bug (invalid)
[FF] ProtectedSource config doesn't work properly inside attributes
Reported by: | fournaise | Owned by: | |
---|---|---|---|
Priority: | Normal | Milestone: | FCKeditor 2.6.3 |
Component: | General | Version: | FCKeditor 2.6 Beta |
Keywords: | Confirmed | Cc: |
Description (last modified by )
When using Smarty protection source in FCKEditor 2.6beta :
FCKConfig.ProtectedSource.Add( /<\{[\s\S]*?\}>/g ); FCKConfig.ProcessHTMLEntities = false ; //true
The following code is broken when swithing between wysiwyg/source edition :
<p><a href="{if $a=1}url1.htm{else}url2.htm{/if}">TEST</a></p> <p>{if $a=1}url1.htm{else}url2.htm{/if}</p>
become :
<p><a href="%7Bif%20$a=1%7Durl1.htm%7Belse%7Durl2.htm%7B/if%7D">TEST</a></p> <p>{if $a=1}url1.htm{else}url2.htm{/if}</p>
conclusion: Smarty code is protected only in tag and not in attribute.
Is it a bug ? how to avoid this behavior ?
Change History (14)
comment:1 Changed 17 years ago by
comment:2 Changed 17 years ago by
Description: | modified (diff) |
---|---|
Milestone: | FCKeditor 2.6 |
Summary: | [2.6beta] ProtectedSource config doesn't work properly with Smarty → ProtectedSource config doesn't work properly inside attributes |
comment:3 Changed 17 years ago by
Keywords: | Confirmed Firefox added |
---|---|
Summary: | ProtectedSource config doesn't work properly inside attributes → [FF] ProtectedSource config doesn't work properly inside attributes |
Version: | → FCKeditor 2.6 Beta |
Confirmed in Firefox. Works fine with IE. This bug didn't occur in 2.5.1. It only occurs in 2.6 beta and the SVN version.
comment:4 Changed 17 years ago by
Double quote in protected source is broken:
example:
<a href="{if $a="1"}bla.html{/if}">TEST</a>
become: IE => <a href="{if $a=">TEST</a> FF => <a href="%7Bif%20$a=">TEST</a>
comment:5 Changed 17 years ago by
Milestone: | → FCKeditor 2.6.1 |
---|
comment:6 Changed 17 years ago by
Resolution: | → worksforme |
---|---|
Status: | new → closed |
I've reviewed the bug with stable 2.6 and the latest SVN version and it didn't occur to me. I assume that it was fixed by another patch.
comment:7 Changed 17 years ago by
Resolution: | worksforme |
---|---|
Status: | closed → reopened |
Hi, the problem is not solved in the latest snapshot 29/04/08; Please check my test page : http://frederic.fournaise.free.fr/fckeditor/
frederic
comment:8 Changed 17 years ago by
Keywords: | Pending WorksForMe added; Confirmed Firefox removed |
---|
I've copied your configuration file from the sample page you have provided and applied it to my local version and the bug still didn't occur to me both on IE and FF2 using FCKeditor 2.6 and the latest SVN version.
comment:9 Changed 17 years ago by
That demo page is wrong. it's pointing to a bad location for the config.js file and it gets a 404 error.
When some source is protected you can't see it all, so the first line in the editor shows that it isn't being applied.
comment:10 Changed 17 years ago by
I've done some tests with the SVN trunk with IE, FF and Safari, and it seems to be ok.
I guess the bug reporter had some old .js files cached in his browser?
comment:11 Changed 17 years ago by
Hello, I have updated my page with the latest revision in trunk. Please check my problem with special chars in protected source zone : http://frederic.fournaise.free.fr/fckeditor/
comment:12 Changed 17 years ago by
Confirmed the bug, but your case is a problematic one - symbols like &, < and > are disallowed in XHTML element attributes and so from the standpoint of an HTML editor FCKeditor is actually doing the right thing by converting your symbols to &, < and >. Maybe we could add a configuration directive to override that behavior for Smarty users.
comment:13 Changed 17 years ago by
Keywords: | Confirmed added; Pending WorksForMe removed |
---|
comment:14 Changed 17 years ago by
Resolution: | → invalid |
---|---|
Status: | reopened → closed |
Sorry we won't be really "fixing" this in our next release as a fix for it would mean we're allowing invalid HTML to be written in FCKeditor. The code snippet you gave in your example is seriously broken if it is parsed without a Smarty parser:
Go to this address <a href="{if ($a>0 && $b=="test"}go.html{else}error.html{/if})">my address</a>
Even ignoring the > and & signs in the attribute values, the placements of the double quotes themselves are already turning the <a href="..."> tag into something totally incomprehensible to any HTML or XML parser.
However, you can fix the problem for yourself by adding a ProtectedSource entry in fckconfig.js:
FCKConfig.ProtectedSource.Add( /{.*?}/g ) ;
The problem occurs only with src and href attributes.