Opened 14 years ago
Closed 13 years ago
#7285 closed Bug (fixed)
ASP.NET: certain configuration options are not properly escaped
Reported by: | Wiktor Walc | Owned by: | kaga |
---|---|---|---|
Priority: | Normal | Milestone: | |
Component: | Server : ASP.Net | Version: | 3.5.2 |
Keywords: | Cc: |
Description
- FontSizeSizes are marked as an object and thus are not surrounded with quotes.
- StylesSet and ContentsCss may contain a string or an array so it must be surrounded with quotes only when "[]" characters are not detected at the beginning and at the end
- Toolbar property must be prepared also for a JavaScript array, if user enters there something like
[ [ 'Source', '-', 'Bold', 'Italic' ] ]
the ASP.NET control should handle it properly - ProtectedSource must handle properly the situation when user enters the following:
/<\?[\s\S]*?\?>/g /<%[\s\S]*?%>/g /(]+>[\s|\S]*?<\/asp:[^\>]+>)|(]+\/>)/gi
Attachments (4)
Change History (16)
comment:1 Changed 14 years ago by
Status: | new → confirmed |
---|
Changed 14 years ago by
Attachment: | 7285.patch added |
---|
comment:2 Changed 14 years ago by
Owner: | set to kaga |
---|---|
Status: | confirmed → review |
comment:3 Changed 13 years ago by
Status: | review → review_failed |
---|
comment:5 Changed 13 years ago by
Another thing to check while reviewing: http://cksource.com/forums/viewtopic.php?f=6&t=21816
CKEditor1.ContentsCss = "style.css"; <---- doesn't work..
Changed 13 years ago by
Attachment: | 7285_2.patch added |
---|
comment:7 Changed 13 years ago by
Status: | review → review_failed |
---|
The 7285_2.patch contains changes that kaga added to the patch in ticket #7283.
7285_2.patch still needs work, the following problems should be solved:
- It should be possible to assign a string to the Toolbar property. A single word (that does not contain characters like '
|
' or '[]
') should be recognized as a name of the toolbar and should not be converted into an array (see #7558). Currently the only possible string values are "Basic" and "Full" - it is wrong.
- It is impossible to pass a JavaScript array in the stylesSet configuration option.
protected void Page_Load(object sender, EventArgs e) { CKEditor1.StylesSet = "[{ name : 'Strong Emphasis', element : 'strong' },{ name : 'Emphasis', element : 'em' } ]"; }
results in:"stylesSet" : "[{ name : 'Strong Emphasis', element : 'strong' },{ name : 'Emphasis', element : 'em' } ]",
Changed 13 years ago by
Attachment: | 7285_3.patch added |
---|
comment:8 Changed 13 years ago by
Status: | review_failed → review |
---|
comment:9 Changed 13 years ago by
Status: | review → review_failed |
---|
It is now impossible to set toolbar to Bold|Italic
("toolbar" : "Bold|Italic"
is returned).
Note that single word without "|
" should be treated like the name of the toolbar, but word with "|
" should be still treated like before to allow toolbar definitions like:
Bold|Italic|-|NumberedList|BulletedList|-|Link|Unlink|-|About
The rest looks good.
Changed 13 years ago by
Attachment: | 7285_4.patch added |
---|
comment:10 Changed 13 years ago by
Status: | review_failed → review |
---|
comment:11 Changed 13 years ago by
Status: | review → review_passed |
---|
comment:12 Changed 13 years ago by
Resolution: | → fixed |
---|---|
Status: | review_passed → closed |
Fixed with [6709].
It looks like values with square brackets (JavaScript arrays) are now working properly. There are still some other issues though.
I am still unable to set StylesSet to a string, e.g.
mystyles
ormystyles:/editorstyles/styles.js
as explained in the documentation.Both values are displayed in square brackets when viewing the source code of the page, which is not correct:
Another thing that is not working right now but perhaps could be fixed is the
TemplatesFiles
option. It is possible to specify more than one file. However I do not see the possibility to do this in the "Properties" window. I have specified two files by simply entering:Unfortunately, it is transformed into:
Is it possible to output the following:
?