Opened 11 years ago

Closed 7 years ago

#3337 closed Task (fixed)

Protect the content before it is loaded

Reported by: Artur Formella Owned by:
Priority: Normal Milestone:
Component: General Version:
Keywords: Cc:

Description

-Insert in the Source mode:

<p>
<a href="http://dev.fckeditor.net"><img src="http://www.nasa.gov/images/content/60130main_image_feature_182_jwfull.jpg" height=100 /><img height=100 src="http://www.pomorze.yoyo.pl/soczewki/Image-18_2.JPG"  /><img src="http://publish1.absolut.com/helmutlang/content/images/image5.jpg" height=100 /></a>

<img height="18" src="http://www.vision.ee.ethz.ch/~pmueller/images/image-based_procedural_modeling_of_facades__teaser.png" height=100 onclick="alert('test')" />

</p>

-Click on the any picture before it is loaded.

Result: dev.fckeditor.net will be loaded in the editor's iframe.

Expected result: nothing happens.

If you can't reproduce try to turn off browser cache and slow down the Internet.

Change History (3)

comment:1 Changed 11 years ago by Artur Formella

Keywords: Confirmed added

The following code is now safe:

<img height="18" src="http://www.vision.ee.ethz.ch/~pmueller/images/image-based_procedural_modeling_of_facades__teaser.png" height=100 onclick="alert('test')" />

but still there is a problem with:

<p>
<a href="http://dev.fckeditor.net"><img src="http://www.nasa.gov/images/content/60130main_image_feature_182_jwfull.jpg" height=100 /><img height=100 src="http://www.pomorze.yoyo.pl/soczewki/Image-18_2.JPG"  />
<img src="http://publish1.absolut.com/helmutlang/content/images/image5.jpg" height=100 /></a>
</p>

comment:2 Changed 9 years ago by Frederico Caldeira Knabben

Milestone: CKEditor 3.x

Milestone CKEditor 3.x deleted

comment:3 Changed 7 years ago by Jakub Ś

Resolution: fixed
Status: confirmedclosed

It seems that this issue has expired on trunk.

Note: See TracTickets for help on using tickets.
© 2003 – 2019 CKSource – Frederico Knabben. All rights reserved. | Terms of use | Privacy policy