Opened 7 years ago

Last modified 7 years ago

#9788 confirmed Bug

ASP.NET 3.6.4 & HTMLEncodeOutput=False will not postback correctly

Reported by: Ross Owned by:
Priority: Normal Milestone:
Component: Server : ASP.Net Version:
Keywords: Cc:

Description

In the IPostBackDataHandler.LoadPostData() method, the code will not save the posted value when htmlEncodeOutput=false .

bool IPostBackDataHandler.LoadPostData(string postDataKey, NameValueCollection postCollection)
{
	if (this.config.htmlEncodeOutput)
	{
		string postedValue = HttpUtility.HtmlDecode(postCollection[postDataKey]);
		if (this.Text != postedValue)
		{
			isChanged = true;
			this.Text = postedValue;
			return true;
		}
	}
	return false;
}

Since this is false:

if (this.config.htmlEncodeOutput)

The code will never execute, therefore the value is not saving to:

string postedValue =...
isChanged = true;
this.Text = postedValue;

Change the procedure to the following and it started saving again:

bool IPostBackDataHandler.LoadPostData(string postDataKey, NameValueCollection postCollection)
{
	string postedValue = this.config.htmlEncodeOutput ? HttpUtility.HtmlDecode(postCollection[postDataKey]) : postCollection[postDataKey];
	if (this.Text != postedValue)
	{
		isChanged = true;
		this.Text = postedValue;
		return true;
	}

	return false;
}

The key is that regardless of the htmlencodeoutput value set the post collection saves to the postedValue

string postedValue = this.config.htmlEncodeOutput ? HttpUtility.HtmlDecode(postCollection[postDataKey]) : postCollection[postDataKey];

Please Note, I am using the ASP.NET 3.6.4 code base with the 4.0 version of CKEditor

Change History (2)

comment:1 Changed 7 years ago by Jakub Ś

Component: GeneralServer : ASP.Net
Status: newconfirmed
Version: 4.0

@FhyrDrake thank you for pointing this out.

comment:2 Changed 7 years ago by pdxfreelancer

This appears to have always been how CKEditor.net has worked, looking through the history here: https://dev.ckeditor.com/browser/CKEditor.NET/trunk/CKEditor.NET/CKEditorControl.cs .

But, I agree, it is a problem. I'll share my issue with it.

We've been using CKEditor for a couple years. The htmlEncodeOutput has always been set to true. But, a couple times a week, we get excessively escaped html POSTed, i.e. instead of <div we get amp;lt;div in the HTTP request. So, I've updated to ASP.NET 4.5, which allows to bypass request validation at the control level, rather than the page level, and wanted to allow the CKEditor control to post the raw html in order to pinpoint CKEditor's escape routine as the source of the problem.

But, due to this issue, I cannot get raw html through, since CKEditor.NET is ignoring it.

Note: See TracTickets for help on using tickets.
© 2003 – 2019 CKSource – Frederico Knabben. All rights reserved. | Terms of use | Privacy policy