Ticket #724 (closed Bug: duplicate)

Opened 7 years ago

Last modified 7 years ago

Apostrophes broken in FCKeditor.Java

Reported by: jsampson@… Owned by:
Priority: Normal Milestone:
Component: Server : Java Version:
Keywords: SF Cc: ickata@…, fredck

Description (last modified by martinkou) (diff)

In FCKeditor.Java version 2.3, in the file FCKeditor.java, the HTMLEncode method escapes apostrophes incorrectly. It uses ’, which is actually the Windows Cp1252 encoding of the right single quotation mark character (U+2019). Apostrophe is actually U+0027, or '.

The symptom is that when a text containing apostrophes is edited, the apostrophes are all converted to right single quotation marks at the time of rendering the editor.

My recommendation is to simply not escape apostrophes at all, since the output of this method is never placed inside apostrophes (it's used both as a double-quoted HTML attribute value and as the text content within an HTML element). Simply remove the following line from the HTMLEncode method:

txt=txt.replaceAll("'","’");

Moved from SF:
http://sourceforge.net/tracker/index.php?func=detail&aid=1478711&group_id=75348&atid=543653

Change History

comment:1 Changed 7 years ago by martinkou

  • Cc ickata@…, fredck added
  • Description modified (diff)
  • Reporter changed from martinkou to jsampson@…

Hi Justin,

Confirmed. That line is not necessary and must be removed.

Best regards, Frederico Caldeira Knabben


http://www.fckeditor.net "Support Open Source Software... What about a donation today?"


Moved from SF. Original poster: fredck

No, ' isn't valid in HTML -- it's only valid in XML (including XHTML). It should be either ' or no replacement.

If you're having problems in MySQL, that's a totally separate issue. You should be escaping all strings at the time you put them into the query! Don't expect upstream libraries to do the wrong thing to fix brokenness in other parts of your code. What if there's an apostrophe in the text content of the HTML?


Moved from SF. Original poster: jsampson

Well, if it is not replaced it causes problems when inserting the string to a MySQL query. Now, in version 2.3 the APOSTROPHE is not encoded, so it causes problems. I think that it should be encoded to '


Moved from SF. Original poster: ickata

comment:2 Changed 7 years ago by alfonsoml

  • Status changed from new to closed
  • Component changed from General to Server : Java
  • Resolution set to duplicate

dup of #695

Note: See TracTickets for help on using tickets.
© 2003 – 2012 CKSource – Frederico Knabben. All rights reserved. | Terms of use | Privacy policy