Opened 10 years ago

Closed 10 years ago

Last modified 10 years ago

#5161 closed Bug (invalid)

Bugg detected when using FF plugin Quick TransLation (qtl) in firefox.

Reported by: Pelle Owned by:
Priority: Normal Milestone:
Component: Core : Pasting Version: FCKeditor 2.6.4
Keywords: Cc:

Description

To recreate the unwanted behaviour do the following:

  • Install the plugin
  • Copy some text
  • Paste it in to the FCK

-View source

I've got the following result:

<qtlend></qtlend> <qtlbar style="padding: 0pt; display: inline; text-align: left; line-height: 100%; background-color: rgb(236, 236, 236); -moz-border-radius-topleft: 3px; -moz-border-radius-topright: 3px; -moz-border-radius-bottomright: 3px; -moz-border-radius-bottomleft: 3px; cursor: pointer; z-index: 999; left: 181px; top: 22px; opacity: 0.9;" dir="ltr" id="qtlbar"> <img src="http://www.qtl.co.il/img/copy.png" title="Copy selction" class="qtl" alt="" /><a href="http://www.google.com/search?q=Ballongf%C3%A4rd%20misst%C3%A4nks%20vara%20bluff" target="_blank" title="Search With Google"> <img class="qtl" src="http://www.google.com/favicon.ico" alt="" /></a> <img class="qtl" title="Translate With Babylon" src="http://www.babylon.com/favicon.ico" alt="" /> <iframe style="border: 1px solid rgb(236, 236, 236); display: none; background-color: white;" src="" id="qtlframe"></iframe></qtlbar>

Change History (5)

comment:1 Changed 10 years ago by Alfonso Martínez de Lizarrondo

Milestone: FCKeditor 2.6.6
Resolution: invalid
Status: newclosed

You should report this bug to the authors of that extension as they are the ones injecting that code into the page.

comment:2 Changed 10 years ago by Pelle

Resolution: invalid
Status: closedreopened

I think that you missunderstood what I meant. The code is not injected in the page. I just copy some text and then paste it in the editor. Then when I view source in the editor(not the source code in the page) the below code appears. This should not be possible.

<qtlend></qtlend> <qtlbar style="padding: 0pt; display: inline; text-align: left; line-height: 100%; background-color: rgb(236, 236, 236); -moz-border-radius-topleft: 3px; -moz-border-radius-topright: 3px; -moz-border-radius-bottomright: 3px; -moz-border-radius-bottomleft: 3px; cursor: pointer; z-index: 999; left: 181px; top: 22px; opacity: 0.9;" dir="ltr" id="qtlbar"> <img src="http://www.qtl.co.il/img/copy.png" title="Copy selction" class="qtl" alt="" /><a href="http://www.google.com/search?q=Ballongf%C3%A4rd%20misst%C3%A4nks%20vara%20bluff" target="_blank" title="Search With Google"> <img class="qtl" src="http://www.google.com/favicon.ico" alt="" /></a> <img class="qtl" title="Translate With Babylon" src="http://www.babylon.com/favicon.ico" alt="" /> <iframe style="border: 1px solid rgb(236, 236, 236); display: none; background-color: white;" src="" id="qtlframe"></iframe></qtlbar>

comment:3 Changed 10 years ago by Frederico Caldeira Knabben

Resolution: invalid
Status: reopenedclosed

Alfonso is correct. Either on copy or on paste, qtl is manipulating the data, adding its stuff to it. You must agree that CKEditor alone would never include qtl tags into the text.

comment:4 Changed 10 years ago by Pelle

I agree completely, but I thought that there where some kind of protection the stripps unwanted markup.

comment:5 Changed 10 years ago by Frederico Caldeira Knabben

The safer solution is making code cleanup is at server side, when receiving the data. HTML Tidy is a nice option for that. You should never rely on client side cleanup as it's easy to pass it by, sending any kind of data to the server.

Note: See TracTickets for help on using tickets.
© 2003 – 2019 CKSource – Frederico Knabben. All rights reserved. | Terms of use | Privacy policy