Opened 10 years ago

Closed 9 years ago

#1931 closed Bug (invalid)

[FF] ProtectedSource config doesn't work properly inside attributes

Reported by: fournaise Owned by:
Priority: Normal Milestone: FCKeditor 2.6.3
Component: General Version: FCKeditor 2.6 Beta
Keywords: Confirmed Cc:

Description (last modified by Frederico Caldeira Knabben)

When using Smarty protection source in FCKEditor 2.6beta :

FCKConfig.ProtectedSource.Add( /<\{[\s\S]*?\}>/g );
FCKConfig.ProcessHTMLEntities	= false ; //true

The following code is broken when swithing between wysiwyg/source edition :

<p><a href="{if $a=1}url1.htm{else}url2.htm{/if}">TEST</a></p>
<p>{if $a=1}url1.htm{else}url2.htm{/if}</p>

become :

<p><a href="%7Bif%20$a=1%7Durl1.htm%7Belse%7Durl2.htm%7B/if%7D">TEST</a></p>
<p>{if $a=1}url1.htm{else}url2.htm{/if}</p>

conclusion: Smarty code is protected only in tag and not in attribute.

Is it a bug ? how to avoid this behavior ?

Change History (14)

comment:1 Changed 10 years ago by fournaise

The problem occurs only with src and href attributes.

comment:2 Changed 10 years ago by Frederico Caldeira Knabben

Description: modified (diff)
Milestone: FCKeditor 2.6
Summary: [2.6beta] ProtectedSource config doesn't work properly with SmartyProtectedSource config doesn't work properly inside attributes

comment:3 Changed 10 years ago by Wojciech Olchawa

Keywords: Confirmed Firefox added
Summary: ProtectedSource config doesn't work properly inside attributes[FF] ProtectedSource config doesn't work properly inside attributes
Version: FCKeditor 2.6 Beta

Confirmed in Firefox. Works fine with IE. This bug didn't occur in 2.5.1. It only occurs in 2.6 beta and the SVN version.

comment:4 Changed 10 years ago by fournaise

Double quote in protected source is broken:

example:

<a href="{if $a="1"}bla.html{/if}">TEST</a>

become: IE => <a href="{if $a=">TEST</a> FF => <a href="%7Bif%20$a=">TEST</a>

comment:5 Changed 10 years ago by Frederico Caldeira Knabben

Milestone: FCKeditor 2.6.1

comment:6 Changed 10 years ago by Wojciech Olchawa

Resolution: worksforme
Status: newclosed

I've reviewed the bug with stable 2.6 and the latest SVN version and it didn't occur to me. I assume that it was fixed by another patch.

comment:7 Changed 10 years ago by fournaise

Resolution: worksforme
Status: closedreopened

Hi, the problem is not solved in the latest snapshot 29/04/08; Please check my test page : http://frederic.fournaise.free.fr/fckeditor/

frederic

comment:8 Changed 10 years ago by Wojciech Olchawa

Keywords: Pending WorksForMe added; Confirmed Firefox removed

I've copied your configuration file from the sample page you have provided and applied it to my local version and the bug still didn't occur to me both on IE and FF2 using FCKeditor 2.6 and the latest SVN version.

comment:9 Changed 10 years ago by Alfonso Martínez de Lizarrondo

That demo page is wrong. it's pointing to a bad location for the config.js file and it gets a 404 error.

When some source is protected you can't see it all, so the first line in the editor shows that it isn't being applied.

comment:10 Changed 9 years ago by Martin Kou

I've done some tests with the SVN trunk with IE, FF and Safari, and it seems to be ok.

I guess the bug reporter had some old .js files cached in his browser?

comment:11 Changed 9 years ago by fournaise

Hello, I have updated my page with the latest revision in trunk. Please check my problem with special chars in protected source zone : http://frederic.fournaise.free.fr/fckeditor/

comment:12 Changed 9 years ago by Martin Kou

Confirmed the bug, but your case is a problematic one - symbols like &, < and > are disallowed in XHTML element attributes and so from the standpoint of an HTML editor FCKeditor is actually doing the right thing by converting your symbols to &amp;, &lt; and &gt;. Maybe we could add a configuration directive to override that behavior for Smarty users.

comment:13 Changed 9 years ago by Martin Kou

Keywords: Confirmed added; Pending WorksForMe removed

comment:14 Changed 9 years ago by Martin Kou

Resolution: invalid
Status: reopenedclosed

Sorry we won't be really "fixing" this in our next release as a fix for it would mean we're allowing invalid HTML to be written in FCKeditor. The code snippet you gave in your example is seriously broken if it is parsed without a Smarty parser:

Go to this address <a href="{if ($a>0 && $b=="test"}go.html{else}error.html{/if})">my address</a>

Even ignoring the > and & signs in the attribute values, the placements of the double quotes themselves are already turning the <a href="..."> tag into something totally incomprehensible to any HTML or XML parser.

However, you can fix the problem for yourself by adding a ProtectedSource entry in fckconfig.js:

FCKConfig.ProtectedSource.Add( /{.*?}/g ) ;
Note: See TracTickets for help on using tickets.
© 2003 – 2017 CKSource – Frederico Knabben. All rights reserved. | Terms of use | Privacy policy