Opened 14 years ago
Closed 13 years ago
#7243 closed Bug (fixed)
Inline Javascript using SRC in the script becomes corrupt on edit
| Reported by: | David Furman | Owned by: | Sa'ar Zac Elias |
|---|---|---|---|
| Priority: | Normal | Milestone: | CKEditor 3.6.2 |
| Component: | Core : Parser | Version: | 3.5.2 |
| Keywords: | Cc: |
Description
This can be reproduced by adding an onmousover (or other inline script) with this content: this.src = 'URL';
If the content is edited after the first save, the editor inserts " data-cke-saved-src='URL'" between "this." and "src" in the code.
This breaks the script, and if edited repeatedly, more and more of these strings are inserted into the code.
Attachments (1)
Change History (9)
comment:1 Changed 14 years ago by
| Component: | General → Core : Parser |
|---|---|
| Keywords: | javascript src data-cke-saved-src removed |
| Status: | new → pending |
comment:2 Changed 14 years ago by
This issue seems to happen in all browsers. The browser that I have personally tested this in and seen the issue are: Chrome 9, Firefox 3.6, IE9 RC, IE 7, IE 8.
Here is HTML to test with:
<p> <img _cke_saved_src="http://blog.internetnews.com/skerner/smk/testpilot.png" alt="" onclick="this.src='http://www.textually.org/tv/archives/images/set3/test-pattern-clock_4767.jpg';" src="http://blog.internetnews.com/skerner/smk/testpilot.png" style="width: 360px; height: 327px;" /></p>
Use that as your existing code; when the editor loads it changes it to this broken code:
<p> <img _cke_saved_src="http://blog.internetnews.com/skerner/smk/testpilot.png" alt="" onclick="this. data-cke-saved-src='http://www.textually.org/tv/archives/images/set3/test-pattern-clock_4767.jpg' src='http://www.textually.org/tv/archives/images/set3/test-pattern-clock_4767.jpg';" src="http://blog.internetnews.com/skerner/smk/testpilot.png" style="width: 360px; height: 327px" /></p>
Notice the extra data-cke-saved- and the extra image url in single quotes. It seems to be a placeholder, however this is also the same code that is submitted and saved when using submitting the form.
comment:3 Changed 14 years ago by
| Status: | pending → confirmed |
|---|
Related forum topic: http://cksource.com/forums/viewtopic.php?f=11&t=21682
Steps to reproduce
- Load the following in source mode:
<p><img onmouseout="this.src='out.png'" onmouseover="this.src='over.png'" src="image.png"></p>
- Switch to wysiwyg mode and back
- Result:
<p><img onmouseout="this. data-cke-saved-src='out.png' src='out.png'" onmouseover="this. data-cke-saved-src='over.png' src='over.png'" src="image.png" /></p>
comment:4 Changed 14 years ago by
| Milestone: | → CKEditor 3.6.2 |
|---|
Issues causing that source code is destroyed should always have higher priority, so targeting it into 3.6.2.
Changed 13 years ago by
| Attachment: | 7243.patch added |
|---|
comment:5 Changed 13 years ago by
| Owner: | set to Sa'ar Zac Elias |
|---|---|
| Status: | confirmed → review |
The best way to fix this is probably to simply skip the inline event handlers.
comment:7 Changed 13 years ago by
| Status: | review → review_passed |
|---|
As for tests, it would be nice to have a proper tt for it, instead of a dt only.
comment:8 Changed 13 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | review_passed → closed |
TT added, run or view source.
Fixed with [7208].
Please add info: