Opened 10 years ago

Closed 10 years ago

#3408 closed Bug (fixed)

event handlers are executed in IE and Safari

Reported by: Alfonso Martínez de Lizarrondo
Owned by: Artur Formella
Priority: Normal
Milestone: CKEditor 3.0
Component: General
Version:
Keywords: Confirmed Review+
Cc:

Description

Load this in source mode:

<a href="#" onclick="alert(1)">click me</a>

IE and Safari will show the alert when you click the link, meaning that any event handler is being executed while in design view.

Attachments (2)

3408.patch (761 bytes) - added by Artur Formella 10 years ago.
3408_2.patch (582 bytes) - added by Artur Formella 10 years ago.


Change History (9)

comment:1 Changed 10 years ago by Artur Formella

Keywords: Confirmed added
Version: SVN (CKEditor)

comment:2 Changed 10 years ago by Artur Formella

Owner: set to Artur Formella
Status: new → assigned

Changed 10 years ago by Artur Formella

Attachment: 3408.patch added

comment:3 Changed 10 years ago by Artur Formella

Keywords: Review? added

comment:4 Changed 10 years ago by Frederico Caldeira Knabben

Keywords: Review- added; Review? removed

The fix is correct, but there is a performance impact on it. We're forcing it to make two loops through the attributes, even if we don't want to sort them.

This part of the code must be blazing fast. We actually don't use attribute sorting when loading data into the editor. Even if we'll have a bit more code because of it, the performance benefits must be considered. So, instead of changing that "if" condition, we should instead have the "if ( filter )" case in the else block, inside the "for" loop at line 167.

Changed 10 years ago by Artur Formella

Attachment: 3408_2.patch added

comment:5 Changed 10 years ago by Artur Formella

Keywords: Review? added; Review- removed

comment:6 Changed 10 years ago by Frederico Caldeira Knabben

Keywords: Review+ added; Review? removed

comment:7 Changed 10 years ago by Artur Formella

Resolution: fixed
Status: assigned → closed

Fixed with [3466].
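
The approach discussed in comment:4, filtering each attribute inside the single loop that writes it, sketched here as an added example; it is not CKEditor's code or either attached patch. The function names and the `data-parked-` prefix are assumptions made for illustration.

```javascript
// Added illustration: hypothetical names, not CKEditor's API or the ticket's patch.
const PARK_PREFIX = 'data-parked-'; // assumed prefix; data-* attributes are inert

function escapeAttr(value) {
  return String(value).replace(/&/g, '&amp;').replace(/"/g, '&quot;')
    .replace(/</g, '&lt;');
}

// Loading into design view: park every on* attribute under an inert name.
// HTML attribute names are case-insensitive, so ONCLICK must match too.
function parkHandlers(name, value) {
  return /^on/i.test(name)
    ? { name: PARK_PREFIX + name.toLowerCase(), value }
    : { name, value };
}

// Back to source mode or saving: restore only names that were parked handlers.
function restoreHandlers(name, value) {
  const original = name.startsWith(PARK_PREFIX) ? name.slice(PARK_PREFIX.length) : '';
  return /^on/.test(original) ? { name: original, value } : { name, value };
}

// Writes an opening tag. The filter runs inside the one loop that emits the
// attributes, so the unsorted path never walks the attribute list twice.
function writeOpenTag(tagName, attributes, filter) {
  let html = '<' + tagName;
  for (const [rawName, rawValue] of Object.entries(attributes)) {
    const attr = filter
      ? filter(rawName, rawValue)
      : { name: rawName, value: rawValue };
    if (!attr) continue; // a filter may drop an attribute by returning null
    html += ' ' + attr.name + '="' + escapeAttr(attr.value) + '"';
  }
  return html + '>';
}

// Constructed sample: the anchor from the ticket description.
const sample = { href: '#', onclick: 'alert(1)' };
const designView = writeOpenTag('a', sample, parkHandlers);
const parked = { href: '#', 'data-parked-onclick': 'alert(1)' };
const sourceView = writeOpenTag('a', parked, restoreHandlers);
```

With the handler parked under a `data-*` name, clicking the link in design view runs nothing, and the restore filter puts `onclick` back when the content returns to source mode.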
