Opened 6 years ago

Closed 6 years ago

#7243 closed Bug (fixed)

Inline Javascript using SRC in the script becomes corrupt on edit

Reported by: David Furman
Owned by: Sa'ar Zac Elias
Priority: Normal
Milestone: CKEditor 3.6.2
Component: Core : Parser
Version: 3.5.2
Keywords:
Cc:

Description

This can be reproduced by adding an onmouseover (or other inline script) with this content: this.src = 'URL';

If the content is edited after the first save, the editor inserts " data-cke-saved-src='URL'" between "this." and "src" in the code.

This breaks the script, and if edited repeatedly, more and more of these strings are inserted into the code.

Attachments (1)

7243.patch (2.2 KB) - added by Sa'ar Zac Elias 6 years ago.


Change History (9)

comment:1 Changed 6 years ago by Krzysztof Studnik

Component: General → Core : Parser
Keywords: javascript src data-cke-saved-src removed
Status: new → pending

Please add info:

  • browser and OS used
  • more complete sample code, so we could easily reproduce this issue.

comment:2 Changed 6 years ago by David Furman

This issue seems to happen in all browsers. The browsers that I have personally tested this in and seen the issue in are: Chrome 9, Firefox 3.6, IE9 RC, IE 7, IE 8.

Here is HTML to test with:

<p>
	<img _cke_saved_src="http://blog.internetnews.com/skerner/smk/testpilot.png" alt="" onclick="this.src='http://www.textually.org/tv/archives/images/set3/test-pattern-clock_4767.jpg';" src="http://blog.internetnews.com/skerner/smk/testpilot.png" style="width: 360px; height: 327px;" /></p>

Use that as your existing code; when the editor loads it changes it to this broken code:

<p>
	<img _cke_saved_src="http://blog.internetnews.com/skerner/smk/testpilot.png" alt="" onclick="this. data-cke-saved-src='http://www.textually.org/tv/archives/images/set3/test-pattern-clock_4767.jpg' src='http://www.textually.org/tv/archives/images/set3/test-pattern-clock_4767.jpg';" src="http://blog.internetnews.com/skerner/smk/testpilot.png" style="width: 360px; height: 327px" /></p>

Notice the extra data-cke-saved- and the extra image URL in single quotes. It seems to be a placeholder; however, this is also the same code that is submitted and saved when submitting the form.

comment:3 Changed 6 years ago by Wiktor Walc

Status: pending → confirmed

Related forum topic: http://cksource.com/forums/viewtopic.php?f=11&t=21682

Steps to reproduce

  1. Load the following in source mode:
    <p><img onmouseout="this.src='out.png'" onmouseover="this.src='over.png'" src="image.png"></p>
    
  2. Switch to wysiwyg mode and back
  3. Result:
    <p><img onmouseout="this. data-cke-saved-src='out.png' src='out.png'" onmouseover="this. data-cke-saved-src='over.png' src='over.png'" src="image.png" /></p>
    

comment:4 Changed 6 years ago by Wiktor Walc

Milestone: CKEditor 3.6.2

Issues that cause source code to be destroyed should always have higher priority, so targeting it for 3.6.2.

Changed 6 years ago by Sa'ar Zac Elias

Attachment: 7243.patch added

comment:5 Changed 6 years ago by Sa'ar Zac Elias

Owner: set to Sa'ar Zac Elias
Status: confirmed → review

The best way to fix this is probably to simply skip the inline event handlers.
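
The failure mode reported in this ticket and the "skip the inline event handlers" direction from comment:5, as an added example that is not part of the ticket or of 7243.patch: a pattern that shadows `src` values without regard to attribute boundaries also rewrites script text inside `on*` handlers, while an attribute-aware pass leaves handlers untouched. The function names and regexes are assumptions for illustration, not CKEditor's source.

```javascript
// Added illustration. Names and regexes are assumptions, not CKEditor source.

// Constructed sample: the markup from the ticket's "Steps to reproduce".
const SAMPLE = `<p><img onmouseout="this.src='out.png'" ` +
  `onmouseover="this.src='over.png'" src="image.png"></p>`;

// Naive pass: shadow every src=/href= it sees, with no notion of where one
// attribute ends and another begins. "src='out.png'" inside an on* handler
// looks exactly like an attribute, so the handler's script gets rewritten.
const URL_ATTR = /\b(src|href)\s*=\s*("[^"]*"|'[^']*')/gi;
function protectNaive(html) {
  return html.replace(URL_ATTR, (m, name, value) =>
    ` data-cke-saved-${name.toLowerCase()}=${value} ${m}`);
}

// Attribute-aware pass: match whole start tags (quoted values may contain
// ">"), then walk complete name=value pairs so a handler's value is consumed
// as one unit and never rescanned for a nested "src=".
const START_TAG = /<[a-z](?:"[^"]*"|'[^']*'|[^'"<>])*>/gi;
const ATTR = /([^\s"'<>\/=]+)(\s*=\s*)("[^"]*"|'[^']*'|[^\s"'<>]+)/g;
function protectSkippingHandlers(html) {
  return html.replace(START_TAG, tag => {
    // Collect attribute names first so a repeated edit does not shadow twice.
    const names = new Set();
    for (const m of tag.matchAll(ATTR)) names.add(m[1].toLowerCase());
    return tag.replace(ATTR, (attr, name, eq, value) => {
      const n = name.toLowerCase();
      if (n.startsWith('on')) return attr;               // inline event handler
      if (n !== 'src' && n !== 'href') return attr;      // not a URL attribute
      if (names.has(`data-cke-saved-${n}`)) return attr; // already shadowed
      return `data-cke-saved-${n}=${value} ${attr}`;
    });
  });
}

console.log(protectNaive(SAMPLE));            // handlers corrupted
console.log(protectSkippingHandlers(SAMPLE)); // handlers intact
```

Running the naive function on its own output inserts further copies, which is the growth on repeated edits described in the report; the attribute-aware function returns its own output unchanged.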

comment:6 Changed 6 years ago by Sa'ar Zac Elias

TC added with [7172].

comment:7 Changed 6 years ago by Frederico Caldeira Knabben

Status: review → review_passed

As for tests, it would be nice to have a proper tt for it, instead of a dt only.

comment:8 Changed 6 years ago by Sa'ar Zac Elias

Resolution: fixed
Status: review_passed → closed

TT added, run or view source.
Fixed with [7208].
