Removing carriage return invalidates JavaScript

[dreamage]

The following line in FCKEditor.java

String encodedValue = escapeXml(value.replaceAll("((\r?\n)+|\t*)", ""));

remove carriage return, but this can destroy Javascript code entered in FCK if the Javascript use line comments.

For example

a comment here

var i = 2;

• becomes -

a comment var i = 2;

so no more variable declaration.

I don't know what can be done for fix that. Leaving the carriage return in the value attribute of the hidden field seems to be working in IE7 and FF3, but I don't think this is valid XHTML.

[Michael Osipov]

Please attach a file you have problems with. I will investigate that!

[Michael Osipov]

Reporter, are you able to provide a test file? Otherwise this ticket will expire in a couple of days.

[dreamage]

J2EE test project

[dreamage]

I attached a project zip but since the size limit is 256k, I removed FCKEditor files from the project. Just unzip the latest FCKEditor in /src/main/webapp/ and then run the project with maven (mvn jetty:run) and call editor.jsp (​http://127.0.0.1:8080/fckjava-test/editor.jsp) to see the bug.

[Michael Osipov]

dreamage,

I tested your example. It does what you describe but there are some open issues:

1. I hope you are aware that the editor ignores scripts in the loaded documents. I tried alert("hello"); with no result.
2. Do you just load html sites with embedded javascript to alter the HTML tags only?

[dreamage]

Not sure I understand what you mean. I'm not loading scripts in the editor to execute them with FCK. I use FCK as a HTML editor for our content management system, and I want my users to be able to enter some scripts in their HTML content and save them. Theses scripts are going to be rendered on their sites using the CMS.

What is the purpose of removing "\n" anyway ? As I understand, it's because the HTML is stored in a INPUT value attribute and it shouldn't contain carriage return ? IE/FF don't complaint about \n in INPUT value ... but I don't think this is valid XHTML. I looked at the PHP implementation and they don't seem to remove carriage return. I don't what could be done to fix this ... is there other ways to feed FCK with html code beside the INPUT tag ?

Thanks

[Michael Osipov]

Replying to dreamage:

Not sure I understand what you mean. I'm not loading scripts in the editor to execute them with FCK. I use FCK as a HTML editor for our content management system, and I want my users to be able to enter some scripts in their HTML content and save them. Theses scripts are going to be rendered on their sites using the CMS.

Ok, that's what I though you were doing!

What is the purpose of removing "\n" anyway ? As I understand, it's because the HTML is stored in a INPUT value attribute and it shouldn't contain carriage return ? IE/FF don't complaint about \n in INPUT value ... but I don't think this is valid XHTML. I looked at the PHP implementation and they don't seem to remove carriage return. I don't what could be done to fix this ... is there other ways to feed FCK with html code beside the INPUT tag ?

The simple reason was just to reduce the html input into the editor. The more content you provide, the slower the thing gets.

I will address this in the next release of 2.5 and 2.4-SNAPSHOT. Sorry for the inconvenience.

[Michael Osipov]

Fixed against 2.4-SNAPSHOT and 2.5-SNAPSHOT in [2695]

[Michael Osipov]

and [2696]