Opened 13 years ago
Closed 11 years ago
#8674 closed Bug (fixed)
"data-cke-saved-src" is inserted and corrupt the source
| Reported by: | usami | Owned by: | |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | Core : Parser | Version: | 3.0 |
| Keywords: | Cc: |
Description
- At the Demo site, put image and enter following text to Alternative Text in Image Properties.
>"'><img src="javascript:alert('Test')">
- Go to source mode and switch back to wysiwyg mode.
- Open Image Properties and see the Alternative Text. It became like following.
>"'><img data-cke-saved-src="javascript:alert( src="javascript:alert('Test')">
This issue is similar to this ticket (http://dev.ckeditor.com/ticket/7243), but still causing on CKEditor 3.6.2. and Demo site.
Change History (2)
comment:1 Changed 13 years ago by
| Component: | General → Core : Parser |
|---|---|
| Status: | new → confirmed |
| Version: | → 3.0 |
comment:2 Changed 11 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | confirmed → closed |
I cannot reproduce this any more.
Note: See
TracTickets for help on using
tickets.
The above TC can be reproduced from CKEditor 3.0 but a single change (text doesn’t grow rapidly when switching modes) from
>"'><img src="javascript:alert('Test')">to
>"'><img data-cke-saved-src="javascript:alert( src="javascript:alert('Test')">can be observed from CKEditor 3.4.1