Opened 7 years ago

Closed 7 years ago

#8927 closed Bug (invalid)

Embed code is encoded if properties/attributes contain double quote (")

Reported by: Kristian F. Schmidt Owned by:
Priority: Normal Milestone:
Component: General Version: 3.6.4
Keywords: Cc: kristian.schmidt@…

Description

I tested this on today's nightly build (7478).

Browser: FF 11 OS: Win7

Steps to reproduce: # Copy some flash object HTML (e.g. a youtube movie using their old embed syntax). See example A below. # Choose source view in CKEditor # Paste the embed HTML code # Exit source view and right click the "flash box" and choose properties # Enter some text containing a double quote in a property (e.g. input [hi"ho] in the ID field ) # Save and edit again (i.e. render the HTML page with the input) . # Go to source view. # The HTML is encoded.

<object height="315" id="hi&quot;ho" width="420"><param name="quality" value="high" /><param name="allowScriptAccess" value="always" /><param name="movie" value="http://www.youtube.com/v/QPgqfnKG_T4?version=3&amp;hl=en_GB&amp;rel=0" /><param name="allowscriptaccess" value="always" /><embed allowscriptaccess="always" height="315" quality="high" src="http://www.youtube.com/v/QPgqfnKG_T4?version=3&amp;hl=en_GB&amp;rel=0" type="application/x-shockwave-flash" width="420"></embed></object>

If I look at the page source of the page it is embedded in (the page that contains the CKEditor) it the HTML looks like this:

<textarea id="Text" name="Text" rows="2" cols="2" tabindex="2">&lt;p&gt;&lt;object height="315" id="hi&quot;ho" width="420"&gt;&lt;param name="quality" value="high" /&gt;&lt;param name="allowScriptAccess" value="always" /&gt;&lt;param name="movie" value="http://www.youtube.com/v/QPgqfnKG_T4?version=3&amp;hl=en_GB&amp;rel=0" /&gt;&lt;param name="allowscriptaccess" value="always" /&gt;&lt;embed allowscriptaccess="always" height="315" quality="high" src="http://www.youtube.com/v/QPgqfnKG_T4?version=3&amp;hl=en_GB&amp;rel=0" type="application/x-shockwave-flash" width="420"&gt;&lt;/embed&gt;&lt;/object&gt;&lt;/p&gt;</textarea>

Normally the CKEditor would interpret the content of the textarea above as HTML, but when you include the double quote in an attribute such as in the ID above, it just renders it quoted. I've compared it with embed code that is rendered correctly to make sure the error is not happening before rendering in the CKEditor.

Attachments (2)

CK_flash2_source.PNG (27.7 KB) - added by Kristian F. Schmidt 7 years ago.
Garbled source
CK_flash1.PNG (11.2 KB) - added by Kristian F. Schmidt 7 years ago.

Download all attachments as: .zip

Change History (4)

Changed 7 years ago by Kristian F. Schmidt

Attachment: CK_flash2_source.PNG added

Garbled source

Changed 7 years ago by Kristian F. Schmidt

Attachment: CK_flash1.PNG added

comment:1 Changed 7 years ago by Kristian F. Schmidt

Cc: kristian.schmidt@… added

comment:2 Changed 7 years ago by Kristian F. Schmidt

Resolution: invalid
Status: newclosed

Sorry. Not CKEditors fault, but bad escaping of the output on our side...

Note: See TracTickets for help on using tickets.
© 2003 – 2019 CKSource – Frederico Knabben. All rights reserved. | Terms of use | Privacy policy