Opened 13 years ago
Closed 13 years ago
#8927 closed Bug (invalid)
Embed code is encoded if properties/attributes contain double quote (")
Reported by: | Kristian F. Schmidt | Owned by: | |
---|---|---|---|
Priority: | Normal | Milestone: | |
Component: | General | Version: | 3.6.4 |
Keywords: | Cc: | kristian.schmidt@… |
Description
I tested this on today's nightly build (7478).
Browser: FF 11 OS: Win7
Steps to reproduce: # Copy some flash object HTML (e.g. a youtube movie using their old embed syntax). See example A below. # Choose source view in CKEditor # Paste the embed HTML code # Exit source view and right click the "flash box" and choose properties # Enter some text containing a double quote in a property (e.g. input [hi"ho] in the ID field ) # Save and edit again (i.e. render the HTML page with the input) . # Go to source view. # The HTML is encoded.
<object height="315" id="hi"ho" width="420"><param name="quality" value="high" /><param name="allowScriptAccess" value="always" /><param name="movie" value="http://www.youtube.com/v/QPgqfnKG_T4?version=3&hl=en_GB&rel=0" /><param name="allowscriptaccess" value="always" /><embed allowscriptaccess="always" height="315" quality="high" src="http://www.youtube.com/v/QPgqfnKG_T4?version=3&hl=en_GB&rel=0" type="application/x-shockwave-flash" width="420"></embed></object>
If I look at the page source of the page it is embedded in (the page that contains the CKEditor) it the HTML looks like this:
<textarea id="Text" name="Text" rows="2" cols="2" tabindex="2"><p><object height="315" id="hi"ho" width="420"><param name="quality" value="high" /><param name="allowScriptAccess" value="always" /><param name="movie" value="http://www.youtube.com/v/QPgqfnKG_T4?version=3&hl=en_GB&rel=0" /><param name="allowscriptaccess" value="always" /><embed allowscriptaccess="always" height="315" quality="high" src="http://www.youtube.com/v/QPgqfnKG_T4?version=3&hl=en_GB&rel=0" type="application/x-shockwave-flash" width="420"></embed></object></p></textarea>
Normally the CKEditor would interpret the content of the textarea above as HTML, but when you include the double quote in an attribute such as in the ID above, it just renders it quoted. I've compared it with embed code that is rendered correctly to make sure the error is not happening before rendering in the CKEditor.
Attachments (2)
Change History (4)
Changed 13 years ago by
Attachment: | CK_flash2_source.PNG added |
---|
Changed 13 years ago by
Attachment: | CK_flash1.PNG added |
---|
comment:1 Changed 13 years ago by
Cc: | kristian.schmidt@… added |
---|
comment:2 Changed 13 years ago by
Resolution: | → invalid |
---|---|
Status: | new → closed |
Sorry. Not CKEditors fault, but bad escaping of the output on our side...
Garbled source