Opened 14 years ago

Closed 14 years ago

Last modified 14 years ago

#4708 closed New Feature (fixed)

Missing configuration from pre-3.0: HtmlEncodeOutput

Reported by: Christian Jensen
Owned by: Garry Yao
Priority: Normal
Milestone: CKEditor 3.1
Component: Core : Output Data
Version: SVN (CKEditor) - OLD
Keywords: Confirmed Review+
Cc: christian@…

Description

It would appear that the 3.0.1 build does not contain a very important configuration for ASP.NET (and ASP.NET MVC) - the ability to encode the HTML prior to the form submission.

ASP.NET balks at any content being submitted that contains a < and a > with the message "A potentially dangerous Request.Form value was detected from the client".

This functionality was added in #1266 in a prior release.

It is possible to circumvent the issue by using a "ValidateInput=false" setting; however, this is set either at the page level or the method level. Ideally this would be as granular as the field in question, but those facilities do not exist at this time.

The ideal situation would be to have CKEditor pre-encode the content before submission to the server.

Workarounds available:

Attachments (1)

4708.patch (1.3 KB) - added by Garry Yao 14 years ago.


Change History (6)

comment:1 Changed 14 years ago by Frederico Caldeira Knabben

Keywords: Confirmed added
Milestone: CKEditor 3.1
Type: Bug → New Feature

Changed 14 years ago by Garry Yao

Attachment: 4708.patch added

comment:2 Changed 14 years ago by Garry Yao

Keywords: Review? added
Owner: set to Garry Yao
Status: new → assigned

Ticket test added at:
http://ckeditor.t/tt/4708/1.html.

comment:3 Changed 14 years ago by Frederico Caldeira Knabben

Keywords: Review+ added; Review? removed

Please transform the new htmlEncodeOutput setting into a documentation-only thing when committing.

comment:4 Changed 14 years ago by Garry Yao

Resolution: fixed
Status: assigned → closed

Fixed with [4586] and [4587] at 3.1.x branch.

comment:5 Changed 14 years ago by Alfonso Martínez de Lizarrondo

An additional comment:

I think that this setting was the cause of previous bug reports (in ASP.NET environments, that's the clue) that when pressing the back button of the browser, FCKeditor showed the HTML code in design mode.

My thoughts about this problem are that the browser was reloading the latest value of the textarea, and that was the HTML-encoded value, so this configuration should be paired with the requirement that the original input is also HTML-encoded (which should be easy to handle if the ASP.NET server-side integration was provided, but it seems that it still isn't ready and people are doing it in their own way).

Just some thoughts...
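
The encode/decode round trip discussed in the description and in comment:5, as an added example that is not part of the ticket or of CKEditor's source. It assumes the encoder escapes only &, < and >; the function names and the sample string are constructed for illustration.

```javascript
// Added illustration (not CKEditor code). Assumption: only &, < and > are escaped.

// Client side: the value written to the textarea when output encoding is on.
function htmlEncode(html) {
  return html
    .replace(/&/g, '&amp;') // first, so entities already in the content survive
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Receiving side: undo exactly one level of encoding in a single pass,
// so text produced by one replacement is never decoded a second time.
function htmlDecodeOnce(text) {
  const map = { '&lt;': '<', '&gt;': '>', '&amp;': '&' };
  return text.replace(/&(?:lt|gt|amp);/g, (m) => map[m]);
}

// Faulty decoder kept for comparison: handling &amp; first lets "&amp;lt;"
// collapse to "<", turning text the author had escaped into live markup.
function htmlDecodeNaive(text) {
  return text.replace(/&amp;/g, '&').replace(/&lt;/g, '<').replace(/&gt;/g, '>');
}

// The condition the description says ASP.NET rejects: raw < or > in the form value.
function hasRawAngleBrackets(value) {
  return /[<>]/.test(value);
}

// comment:5: after "back" the textarea holds the encoded value. Without a
// decode step the editor would show that markup as text; with the input
// declared encoded, it gets the original HTML back.
function loadIntoEditor(textareaValue, inputIsEncoded) {
  return inputIsEncoded ? htmlDecodeOnce(textareaValue) : textareaValue;
}

// Constructed sample: real tags plus a literal, already-escaped "<b>" in the text.
const SAMPLE = '<p>Use &lt;b&gt; for bold &amp; <i>not</i> font tags</p>';
const POSTED = htmlEncode(SAMPLE);

console.log('posted form value :', POSTED);
console.log('raw < or > present:', hasRawAngleBrackets(POSTED));
console.log('decoded once      :', htmlDecodeOnce(POSTED));
console.log('naive decode      :', htmlDecodeNaive(POSTED));
console.log('reload, no decode :', loadIntoEditor(POSTED, false));
```

Because the encoded field no longer contains raw < or >, the server receives it without the request-validation error and, after decoding, holds unfiltered editor HTML that needs its own sanitization before being rendered.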
