Opened 12 years ago

Closed 12 years ago

#8806 closed Bug (invalid)

Image url not being escaped

Reported by: Jeff Owned by:
Priority: Normal Milestone:
Component: General Version:
Keywords: Cc:


Version 3.6.1

Open image dialog -> add sample url -> click ok

example URLs:{logo}.jpg image.jpg"logo".jpg'logo'.jpg

Change History (2)

comment:1 Changed 12 years ago by Matti Järvinen

If you copy URL from browser it is already escaped:

which are valid URL:s...

When replacing / escaping should end?

/ = %2F 
: = %3A
# = %23
% = %25
? = %3F

If the dialog would replace { -> with %7B should it replace %7B with %257B? Okay this can be fixed with unescape on dialog open and escape in dialog close but what about # %23 (anchor on page), / %2F (directory) and ? %3F (query string) which have specific meaning while not escaped and can exist in their escaped form in the URL.

For example basic redirection link used by many

would become when unescaped for the dialog

and if you want to escape it back things are not so simple anymore since ? could be a result of unescaping too.

comment:2 Changed 12 years ago by Jakub Ś

Resolution: invalid
Status: newclosed

This is something that server-side script should handle and not CKEditor.

One of and probably the main reason is that CKEditor could start working incorrectly (Also mentioned in E.g. CKEditor would not know if #comment:4 anchor or encoded URL.

@matti thanks for additional comment.

Note: See TracTickets for help on using tickets.
© 2003 – 2022, CKSource sp. z o.o. sp.k. All rights reserved. | Terms of use | Privacy policy