CMS-11021 Parse image URL before fetching it

The URL of the image prefetched by the image2 plugin should always be a valid, absolute URL. However, while entering an absolute URL the value can be interpreted as a relative URL (e.g. "http", the start of an absolute URL, will be interpreted as a relative URL by the browser). Such relative URLs should be ignored. The URL constructor throws an error for illegal and relative URLs, so that's the simple yet effective filter. Providing this fix upstream is hard because officially CKEditor still supports IE. However, IE does not support the URL constructor.
onehippo · Feb 19, 2018 · b92bcfb · b92bcfb
1 parent b23e6b3
commit b92bcfb
Showing 1 changed file with 9 additions and 2 deletions.
diff --git a/plugins/image2/dialogs/image2.js b/plugins/image2/dialogs/image2.js
@@ -107,6 +107,8 @@ CKEDITOR.dialog.add( 'image2', function( editor ) {
 		// @param {String} src.
 		// @param {Function} callback.
 		return function( src, callback, scope ) {
+			var srcUrl;
+
 			addListener( 'load', function() {
 				// Don't use image.$.(width|height) since it's buggy in IE9-10 (http://dev.ckeditor.com/ticket/11159)
 				var dimensions = getNatural( image );
@@ -122,8 +124,13 @@ CKEDITOR.dialog.add( 'image2', function( editor ) {
 				callback( null );
 			} );
 
-			image.setAttribute( 'src',
-				( config.baseHref || '' ) + src + '?' + Math.random().toString( 16 ).substring( 2 ) );
+			try {
+				srcUrl = new URL(( config.baseHref || '' ) + src + '?' + Math.random().toString( 16 ).substring( 2 ));
+				image.setAttribute( 'src', srcUrl.toString());
+			} catch (e) {
+				// invalid URL
+				callback( null );
+			}
 		};
 	}