Opened 13 years ago
Closed 13 years ago
#8806 closed Bug (invalid)
Image url not being escaped
| Reported by: | Jeff | Owned by: | |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | General | Version: | |
| Keywords: | Cc: |
Description
Version 3.6.1
Open image dialog -> add sample url -> click ok
example URLs:
http://dl.dropbox.com/u/2444329/test-images/{logo}.jpg
http://dl.dropbox.com/u/2444329/test-images/logo image.jpg
http://dl.dropbox.com/u/2444329/test-images/"logo".jpg
http://dl.dropbox.com/u/2444329/test-images/'logo'.jpg
Change History (2)
comment:1 Changed 13 years ago by
comment:2 Changed 13 years ago by
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
This is something that server-side script should handle and not CKEditor.
One of and probably the main reason is that CKEditor could start working incorrectly
(Also mentioned in http://dev.ckeditor.com/ticket/5527#comment:4) E.g. CKEditor would not know if #comment:4 anchor or encoded URL.
@matti thanks for additional comment.
Note: See
TracTickets for help on using
tickets.
If you copy URL from browser it is already escaped:
which are valid URL:s...
When replacing / escaping should end?
http://www.w3schools.com/tags/ref_urlencode.asp
If the dialog would replace { -> with %7B should it replace %7B with %257B? Okay this can be fixed with unescape on dialog open and escape in dialog close but what about # %23 (anchor on page), / %2F (directory) and ? %3F (query string) which have specific meaning while not escaped and can exist in their escaped form in the URL.
For example basic redirection link used by many
http://www.example.com/login.php?success=http%3A%2F%2Fwww.example.com%2Fmembersonly
would become when unescaped for the dialog
http://www.example.com/login.php?success=http://www.example.com/membersonly
and if you want to escape it back things are not so simple anymore since ? could be a result of unescaping too.