Skip to content
Permalink
Browse files

Merge branch 't/10165'

  • Loading branch information...
oleq committed May 29, 2013
2 parents 929f6ab + d3afa90 commit 70fbb8d0fa3db7c3b6f59978b6930e11dc3cd1a3
@@ -12,6 +12,7 @@ CKEditor 4 Changelog
* [#6504](http://dev.ckeditor.com/ticket/6504): Resolved race condition while loading several customConfig files.
* [#10298](http://dev.ckeditor.com/ticket/10298): Data processor breaks attributes containing protected parts.
* [#9945](http://dev.ckeditor.com/ticket/9945): [iOS] Scrolling not possible on iPad.
* [#10165](http://dev.ckeditor.com/ticket/10165): [IE] Access denied error if document.domain has been altered.

## CKEditor 4.1.1

@@ -261,7 +261,12 @@ CKEDITOR.tools.extend( CKEDITOR.dom.document.prototype, {
this.$.open( 'text/html', 'replace' );

// Support for custom document.domain in IE.
CKEDITOR.env.isCustomDomain() && ( this.$.domain = document.domain );
//
// The script must be appended because if placed before the
// doctype, IE will go into quirks mode and mess with
// the editable, e.g. by changing its default height.
if ( CKEDITOR.env.ie )
html = html.replace( /(?:^\s*<!DOCTYPE[^>]*?>)|^/i, '$&\n<script data-cke-temp="1">(' + CKEDITOR.tools.fixDomain + ')();</script>' );

this.$.write( html );
this.$.close();
@@ -109,6 +109,7 @@ if ( !CKEDITOR.env ) {
* alert( 'I\'m in a custom domain!' );
*
* @returns {Boolean} `true` if a custom domain is enabled.
* @deprecated
*/
isCustomDomain: function() {
if ( !this.ie )
@@ -971,6 +971,45 @@
obj[ arr[ i ] ] = fillWith;

return obj;
},

/**
* Tries to fix the document.domain of the current document to match the
* parent window domain, avoiding "Same Origin" policy issues.
* This is a IE only requirement.
*
* @since 4.1.2
* @returns {boolean} True if the current domain is already good or if
* it has been fixed successfully.
*/
fixDomain: function() {
var domain;

while( 1 ) {
try {
// Try to access the parent document. It throws
// "access denied" if restricted by the "Same Origin" policy.
domain = parent.document.domain;
return true;
} catch ( e ) {
// Calculate the value to set to document.domain.
domain = domain ?

// If it is not the first pass, strip one part of the
// name. E.g. "test.example.com" => "example.com"
domain.replace( /.+?(?:\.|$)/, '' ) :

// In the first pass, we'll handle the
// "document.domain = document.domain" case.
document.domain;

// Stop here if there is no more domain parts available.
if ( !domain )
return false;

document.domain = domain;
}
}
}
};
})();
@@ -5,7 +5,6 @@

CKEDITOR.dialog.add( 'paste', function( editor ) {
var lang = editor.lang.clipboard;
var isCustomDomain = CKEDITOR.env.isCustomDomain();

function onPasteFrameLoad( win ) {
var doc = new CKEDITOR.dom.document( win.document ),
@@ -130,12 +129,12 @@ CKEDITOR.dialog.add( 'paste', function( editor ) {
var src =
CKEDITOR.env.air ?
'javascript:void(0)' :
isCustomDomain ?
'javascript:void((function(){' +
CKEDITOR.env.ie ?
'javascript:void((function(){' + encodeURIComponent(
'document.open();' +
'document.domain=\'' + document.domain + '\';' +
'document.close();' +
'})())"'
'(' + CKEDITOR.tools.fixDomain + ')();' +
'document.close();'
) + '})())"'
: '';

var iframe = CKEDITOR.dom.element.createFromHtml( '<iframe' +
@@ -172,7 +171,11 @@ CKEDITOR.dialog.add( 'paste', function( editor ) {
if ( CKEDITOR.env.ie ) {
var focusGrabber = CKEDITOR.dom.element.createFromHtml( '<span tabindex="-1" style="position:absolute" role="presentation"></span>' );
focusGrabber.on( 'focus', function() {
iframe.$.contentWindow.focus();
// Since fixDomain is called in src attribute,
// IE needs some slight delay to correctly move focus.
setTimeout( function() {
iframe.$.contentWindow.focus();
});
});
container.append( focusGrabber );

@@ -161,8 +161,7 @@ CKEDITOR.DIALOG_RESIZE_BOTH = 3;

// IFrame shim for dialog that masks activeX in IE. (#7619)
if ( CKEDITOR.env.ie && !CKEDITOR.env.ie6Compat ) {
var isCustomDomain = CKEDITOR.env.isCustomDomain(),
src = 'javascript:void(function(){' + encodeURIComponent( 'document.open();' + ( isCustomDomain ? ( 'document.domain="' + document.domain + '";' ) : '' ) + 'document.close();' ) + '}())',
var src = 'javascript:void(function(){' + encodeURIComponent( 'document.open();(' + CKEDITOR.tools.fixDomain + ')();document.close();' ) + '}())',
iframe = CKEDITOR.dom.element.createFromHtml( '<iframe' +
' frameBorder="0"' +
' class="cke_iframe_shim"' +
@@ -1976,21 +1975,21 @@ CKEDITOR.DIALOG_RESIZE_BOTH = 3;

if ( CKEDITOR.env.ie6Compat ) {
// Support for custom document.domain in IE.
var isCustomDomain = CKEDITOR.env.isCustomDomain(),
iframeHtml = '<html><body style=\\\'background-color:' + backgroundColorStyle + ';\\\'></body></html>';
var iframeHtml = '<html><body style=\\\'background-color:' + backgroundColorStyle + ';\\\'></body></html>';

html.push( '<iframe' +
' hidefocus="true"' +
' frameborder="0"' +
' id="cke_dialog_background_iframe"' +
' src="javascript:' );

html.push( 'void((function(){' +
html.push( 'void((function(){' + encodeURIComponent(
'document.open();' +
( isCustomDomain ? 'document.domain=\'' + document.domain + '\';' : '' ) +
// Support for custom document.domain in IE.
'(' + CKEDITOR.tools.fixDomain + ')();' +
'document.write( \'' + iframeHtml + '\' );' +
'document.close();' +
'})())' );
'document.close();'
) + '})())' );

html.push( '"' +
' style="' +
@@ -592,9 +592,6 @@ CKEDITOR.plugins.add( 'dialogui', {
var innerHTML = function() {
_.frameId = CKEDITOR.tools.getNextId() + '_fileInput';

// Support for custom document.domain in IE.
var isCustomDomain = CKEDITOR.env.isCustomDomain();

var html = [
'<iframe' +
' frameborder="0"' +
@@ -605,11 +602,13 @@ CKEDITOR.plugins.add( 'dialogui', {
' title="', elementDefinition.label, '"' +
' src="javascript:void(' ];

html.push( isCustomDomain ? '(function(){' +
'document.open();' +
'document.domain=\'' + document.domain + '\';' +
'document.close();' +
'})()'
// Support for custom document.domain on IE. (#10165)
html.push( CKEDITOR.env.ie ?
'(function(){' + encodeURIComponent(
'document.open();' +
'(' + CKEDITOR.tools.fixDomain + ')();' +
'document.close();'
) + '})()'
:
'0' );

@@ -1256,33 +1255,36 @@ CKEDITOR.plugins.add( 'dialogui', {
function generateFormField() {
frameDocument.$.open();

// Support for custom document.domain in IE.
if ( CKEDITOR.env.isCustomDomain() )
frameDocument.$.domain = document.domain;

var size = '';
if ( elementDefinition.size )
size = elementDefinition.size - ( CKEDITOR.env.ie ? 7 : 0 ); // "Browse" button is bigger in IE.

var inputId = _.frameId + '_input';

frameDocument.$.write( [ '<html dir="' + langDir + '" lang="' + langCode + '"><head><title></title></head><body style="margin: 0; overflow: hidden; background: transparent;">',
'<form enctype="multipart/form-data" method="POST" dir="' + langDir + '" lang="' + langCode + '" action="',
CKEDITOR.tools.htmlEncode( elementDefinition.action ),
'">',
// Replicate the field label inside of iframe.
'<label id="', _.labelId, '" for="', inputId, '" style="display:none">',
CKEDITOR.tools.htmlEncode( elementDefinition.label ),
'</label>',
'<input id="', inputId, '" aria-labelledby="', _.labelId, '" type="file" name="',
CKEDITOR.tools.htmlEncode( elementDefinition.id || 'cke_upload' ),
'" size="',
CKEDITOR.tools.htmlEncode( size > 0 ? size : "" ),
'" />',
'</form>',
'</body></html>',
'<script>window.parent.CKEDITOR.tools.callFunction(' + callNumber + ');',
'window.onbeforeunload = function() {window.parent.CKEDITOR.tools.callFunction(' + unloadNumber + ')}</script>' ].join( '' ) );
var inputId = _.frameId + '_input';

frameDocument.$.write( [
'<html dir="' + langDir + '" lang="' + langCode + '"><head><title></title></head><body style="margin: 0; overflow: hidden; background: transparent;">',
'<form enctype="multipart/form-data" method="POST" dir="' + langDir + '" lang="' + langCode + '" action="',
CKEDITOR.tools.htmlEncode( elementDefinition.action ),
'">',
// Replicate the field label inside of iframe.
'<label id="', _.labelId, '" for="', inputId, '" style="display:none">',
CKEDITOR.tools.htmlEncode( elementDefinition.label ),
'</label>',
'<input id="', inputId, '" aria-labelledby="', _.labelId, '" type="file" name="',
CKEDITOR.tools.htmlEncode( elementDefinition.id || 'cke_upload' ),
'" size="',
CKEDITOR.tools.htmlEncode( size > 0 ? size : "" ),
'" />',
'</form>',
'</body></html>',
'<script>',
// Support for custom document.domain in IE.
CKEDITOR.env.ie ? '(' + CKEDITOR.tools.fixDomain + ')();' : '',

'window.parent.CKEDITOR.tools.callFunction(' + callNumber + ');',
'window.onbeforeunload = function() {window.parent.CKEDITOR.tools.callFunction(' + unloadNumber + ')}',
'</script>'
].join( '' ) );

frameDocument.$.close();

@@ -146,13 +146,12 @@ CKEDITOR.dialog.add( 'docProps', function( editor ) {
};
};
var previewSrc = 'javascript:' +
'void((function(){' +
encodeURIComponent( 'document.open();' +
( CKEDITOR.env.isCustomDomain() ? 'document.domain=\'' + document.domain + '\';' : '' ) +
'document.write( \'<html style="background-color: #ffffff; height: 100%"><head></head><body style="width: 100%; height: 100%; margin: 0px">' + lang.previewHtml + '</body></html>\' );' +
'document.close();'
) +
'})())';
'void((function(){' + encodeURIComponent(
'document.open();' +
( CKEDITOR.env.ie ? '(' + CKEDITOR.tools.fixDomain + ')();' : '' ) +
'document.write( \'<html style="background-color: #ffffff; height: 100%"><head></head><body style="width: 100%; height: 100%; margin: 0px">' + lang.previewHtml + '</body></html>\' );' +
'document.close();'
) + '})())';

return {
title: lang.title,
@@ -163,10 +163,22 @@
};

if ( this.isFramed ) {
// With IE, the custom domain has to be taken care at first,
// for other browers, the 'src' attribute should be left empty to
// trigger iframe's 'load' event.
var src =
CKEDITOR.env.air ? 'javascript:void(0)' :
CKEDITOR.env.ie ? 'javascript:void(function(){' + encodeURIComponent(
'document.open();' +
// In IE, the document domain must be set any time we call document.open().
'(' + CKEDITOR.tools.fixDomain + ')();' +
'document.close();'
) + '}())' :
'';

data.frame = frameTpl.output({
id: this.id + '_frame',
src: 'javascript:void(document.open(),' + ( CKEDITOR.env.isCustomDomain() ? 'document.domain=\'' + document.domain + '\',' : '' )
+ 'document.close())">'
src: src
});
}

@@ -17,7 +17,6 @@
var sHTML,
config = editor.config,
baseTag = config.baseHref ? '<base href="' + config.baseHref + '"/>' : '',
isCustomDomain = CKEDITOR.env.isCustomDomain(),
eventData;

if ( config.fullPage ) {
@@ -63,15 +62,17 @@
return false;

var sOpenUrl = '';
if ( isCustomDomain ) {
if ( CKEDITOR.env.ie ) {
window._cke_htmlToLoad = eventData.dataValue;
sOpenUrl = 'javascript:void( (function(){' +
'document.open();' +
'document.domain="' + document.domain + '";' +
// Support for custom document.domain.
// Strip comments and replace parent with window.opener in the function body.
( '(' + CKEDITOR.tools.fixDomain + ')();' ).replace( /\/\/.*?\n/g, '' ).replace( /parent\./g, 'window.opener.' ) +
'document.write( window.opener._cke_htmlToLoad );' +
'document.close();' +
'window.opener._cke_htmlToLoad = null;' +
'})() )';
'})() )';
}

// With Firefox only, we need to open a special preview page, so
@@ -84,7 +85,7 @@
var oWindow = window.open( sOpenUrl, null, 'toolbar=yes,location=no,status=yes,menubar=yes,scrollbars=yes,resizable=yes,width=' +
iWidth + ',height=' + iHeight + ',left=' + iLeft );

if ( !isCustomDomain && !CKEDITOR.env.gecko ) {
if ( !CKEDITOR.env.ie && !CKEDITOR.env.gecko ) {
var doc = oWindow.document;
doc.open();
doc.write( eventData.dataValue );
@@ -19,17 +19,9 @@
}

editor.addMode( 'wysiwyg', function( callback ) {
var iframe = CKEDITOR.document.createElement( 'iframe' );
iframe.setStyles({ width: '100%', height: '100%' } );
iframe.addClass( 'cke_wysiwyg_frame cke_reset' );

var contentSpace = editor.ui.space( 'contents' );
contentSpace.append( iframe );

var src = 'document.open();' +
// The document domain must be set any time we
// call document.open().
( isCustomDomain ? ( 'document.domain="' + document.domain + '";' ) : '' ) +
// In IE, the document domain must be set any time we call document.open().
( CKEDITOR.env.ie ? '(' + CKEDITOR.tools.fixDomain + ')();' : '' ) +
'document.close();';

// With IE, the custom domain has to be taken care at first,
@@ -39,6 +31,14 @@
:
'';

var iframe = CKEDITOR.dom.element.createFromHtml( '<iframe src="' + src + '" frameBorder="0"></iframe>' );
iframe.setStyles({ width: '100%', height: '100%' } );
iframe.addClass( 'cke_wysiwyg_frame cke_reset' );

var contentSpace = editor.ui.space( 'contents' );
contentSpace.append( iframe );


// Asynchronous iframe loading is only required in IE>8 and Gecko (other reasons probably).
// Do not use it on WebKit as it'll break the browser-back navigation.
var useOnloadEvent = CKEDITOR.env.ie || CKEDITOR.env.gecko;
@@ -63,10 +63,8 @@
});

iframe.setAttributes({
frameBorder: 0,
'aria-describedby' : labelId,
title: frameLabel,
src: src,
tabIndex: editor.tabIndex,
allowTransparency: 'true'
});
@@ -102,9 +100,6 @@
}
});

// Support for custom document.domain in IE.
var isCustomDomain = CKEDITOR.env.isCustomDomain();

function onDomReady( win ) {
var editor = this.editor,
doc = win.document,
@@ -412,7 +407,6 @@
// is fully editable even before the editing iframe is fully loaded (#4455).
var bootstrapCode =
'<script id="cke_actscrpt" type="text/javascript"' + ( CKEDITOR.env.ie ? ' defer="defer" ' : '' ) + '>' +
( isCustomDomain ? ( 'document.domain="' + document.domain + '";' ) : '' ) +
'var wasLoaded=0;' + // It must be always set to 0 as it remains as a window property.
'function onload(){' +
'if(!wasLoaded)' + // FF3.6 calls onload twice when editor.setData. Stop that.

0 comments on commit 70fbb8d

Please sign in to comment.
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.