
Merge branch 't/11508'

oleq committed Feb 4, 2014
2 parents 31b7e1f + ab99c05 commit abb150f3c7dee51190eac3d7dcd9c2b90e464f4c
Showing with 19 additions and 4 deletions.
  1. +1 −0 CHANGES.md
  2. +18 −4 core/htmldataprocessor.js
@@ -11,6 +11,7 @@ Fixed Issues:
* [#11253](http://dev.ckeditor.com/ticket/11253): [IE] Fixed: Clipped upload button in [Enhanced Image](http://ckeditor.com/addon/image2) dialog.
* [#11359](http://dev.ckeditor.com/ticket/11359): Standardized the way anchors are discovered by the [Link](http://ckeditor.com/addon/link) dialog.
* [#11058](http://dev.ckeditor.com/ticket/11058): [IE8] Fixed: Error when deleting a row.
* [#11508](http://dev.ckeditor.com/ticket/11508): Fixed: htmlDataProcessor discovering protected attributes within other attributes' values.

## CKEditor 4.3.2

@@ -741,7 +741,23 @@
//

var protectElementRegex = /<(a|area|img|input|source)\b([^>]*)>/gi,
protectAttributeRegex = /\s(on\w+|href|src|name)\s*=\s*(?:(?:"[^"]*")|(?:'[^']*')|(?:[^ "'>]+))/gi;
// Be greedy while looking for protected attributes. This will let us avoid an unfortunate
// situation when "nested attributes", which may appear valid, are also protected.
// I.e. if we consider the following HTML:
//
// <img data-x="&lt;a href=&quot;X&quot;" />
//
// then the "non-greedy match" returns:
//
// 'href' => '&quot;X&quot;' // It's wrong! Href is not an attribute of <img>.
//
// while greedy match returns:
//
// 'data-x' => '&lt;a href=&quot;X&quot;'
//
// which, can be easily filtered out (#11508).
protectAttributeRegex = /((?:\w|-)+)\s*=\s*(?:(?:"[^"]*")|(?:'[^']*')|(?:[^ "'>]+))/gi,
protectAttributeNameRegex = /^(href|src|name)$/i;

// Note: we use lazy star '*?' to prevent eating everything up to the last occurrence of </style> or </textarea>.
var protectElementsRegex = /(?:<style(?=[ >])[^>]*>[\s\S]*?<\/style>)|(?:<(:?link|meta|base)[^>]*>)/gi,
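Review bot: The new protectAttributeRegex has no left boundary, and its name class `(?:\w|-)+` excludes `:`, so for a namespaced attribute such as `xlink:href="X"` the match starts at `href` and the captured name passes protectAttributeNameRegex. The old pattern's leading `\s` prevented that. Consider requiring whitespace (or start of string) before the name, or widening the name class so the whole attribute name is consumed and then rejected by protectAttributeNameRegex. Minor: in the explanatory comment, "which, can be easily filtered out" has a stray comma.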
@@ -758,10 +774,8 @@
return '<' + tag + attributes.replace( protectAttributeRegex, function( fullAttr, attrName ) {
// Avoid corrupting the inline event attributes (#7243).
// We should not rewrite the existed protected attributes, e.g. clipboard content from editor. (#5218)
if ( !( /^on/ ).test( attrName ) && attributes.indexOf( 'data-cke-saved-' + attrName ) == -1 ) {
fullAttr = fullAttr.slice( 1 ); // Strip the space.
if ( protectAttributeNameRegex.test( attrName ) && attributes.indexOf( 'data-cke-saved-' + attrName ) == -1 )
return ' data-cke-saved-' + fullAttr + ' data-cke-' + CKEDITOR.rnd + '-' + fullAttr;
}

return fullAttr;
} ) + '>';
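Review bot: The guard `attributes.indexOf( 'data-cke-saved-' + attrName ) == -1` in the new condition is still a substring search over the whole attribute string, so the text `data-cke-saved-src` appearing inside another attribute's value suppresses protection of the real `src`. That is the same nested-value confusion this change fixes for `href`. Consider collecting the names of attributes that are already saved in a first pass using the captured attrName, and checking against that set instead of indexOf. The indexOf comparison is also case-sensitive while protectAttributeNameRegex uses the `i` flag, so `SRC` and `data-cke-saved-src` will not be matched up. The commit touches only CHANGES.md and core/htmldataprocessor.js; a regression test covering the `data-x` case from the code comment would be worth adding.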
