Opened 16 years ago
Last modified 15 years ago
#4380 new Bug
Listblock: Stylename containing single quote will crash onclick method
| Reported by: | mattis | Owned by: | |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | Core : Styles | Version: | |
| Keywords: | | Cc: | antony.chandra@… |
Description
When a style contains a single quote in its title, it will crash the listblock.
Offending code (plugins/listblock/plugin.js):
```javascript
add : function( value, html, title )
{
    var pendingHtml = this._.pendingHtml,
        id = 'cke_' + CKEDITOR.tools.getNextNumber();

    if ( !this._.started )
    {
        pendingHtml.push( '<ul class=cke_panel_list>' );
        this._.started = 1;
    }

    this._.items[ value ] = id;

    pendingHtml.push(
        '<li id=', id, ' class=cke_panel_listItem>' +
            '<a _cke_focus=1 hidefocus=true' +
                ' title="', title || value, '"' +
                ' href="javascript:void(\'', value, '\')"' +
                ' onclick="CKEDITOR.tools.callFunction(', this._.getClick(), ',\'', value, '\'); return false;">',
                html || value,
            '</a>' +
        '</li>' );
},
```
As you can see, 'value' is passed verbatim into the pendingHtml array, which doesn't do anything to escape single quotes.
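The failure described above, reproduced outside the browser as an added example (not CKEditor's code and not part of the original ticket): `value` lands in a JavaScript string literal nested inside an HTML attribute, so it has to be escaped for both layers. All helper names are hypothetical, and `decodeAttr` only approximates the HTML parser by decoding decimal character references.

```javascript
// Added example. Helper names are hypothetical, not CKEditor APIs.
// Layer 1: make text safe inside a quoted JavaScript string literal.
function jsStringEscape(s) {
  return String(s).replace(/[\\'"\n\r\u2028\u2029<>&]/g, c =>
    '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}
// Layer 2: make text safe inside a quoted HTML attribute value.
function htmlAttrEscape(s) {
  return String(s).replace(/[&<>"']/g, c => '&#' + c.charCodeAt(0) + ';');
}
// Stand-in for the HTML parser: it decodes character references in the
// attribute value before the handler source is handed to the JS engine.
function decodeAttr(s) {
  return s.replace(/&#(\d+);/g, (_, n) => String.fromCharCode(Number(n)));
}
// Same handler text the ticket's add() builds for the onclick attribute.
const call = (fnRef, arg) =>
  "CKEDITOR.tools.callFunction(" + fnRef + ",'" + arg + "'); return false;";

// As in the ticket: value inserted verbatim.
const onclickUnsafe = (fnRef, value) => call(fnRef, value);
// HTML entities alone: &#39; is decoded back to ' before the JS is compiled.
const onclickHtmlOnly = (fnRef, value) => call(fnRef, htmlAttrEscape(value));
// Both layers: escape for the JS string first, then for the attribute.
const onclickSafe = (fnRef, value) =>
  htmlAttrEscape(call(fnRef, jsStringEscape(value)));

// Simulate a click: decode the attribute, compile it as a handler body and
// run it against a stub CKEDITOR that records the argument it receives.
function clickResult(attrValue) {
  let received;
  const CKEDITOR = { tools: { callFunction: (ref, v) => { received = v; } } };
  try {
    new Function('CKEDITOR', decodeAttr(attrValue))(CKEDITOR);
    return { ok: true, received };
  } catch (e) {
    return { ok: false, error: e.name };
  }
}

// Constructed sample: a style name containing a single quote.
const sample = "Editor's Choice";
for (const build of [onclickUnsafe, onclickHtmlOnly, onclickSafe]) {
  console.log(build.name, JSON.stringify(clickResult(build(7, sample))));
}
```

Attaching the handler with `addEventListener` and looking the value up from a data structure avoids the nested-context escaping problem entirely.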
Change History (2)
comment:1 Changed 16 years ago by
| Component: | General → Core : Styles |
|---|
comment:2 Changed 15 years ago by
| Cc: | antony.chandra@… added |
|---|

Replacing single quotes with their HTML entity, so the CKEditor function call won't break, will fix this issue. See the fix below.
Replying to mattis: