Changeset 3001:f9ed3464c960 for plugins/dcCKEditor

Timestamp:

04/27/15 13:01:58 (10 years ago)

Author:

Nicolas <nikrou77@…>

Branch:

2.7

source:

c253e82bd552066a2bb58e5891f16313665ee4f3

Message:

Fix #2062 - quotes were not encoded in attributes

Location:

plugins/dcCKEditor/js

Files:

• popup_link.js (modified) (1 diff)
• popup_media.js (modified) (3 diffs)

plugins/dcCKEditor/js/popup_link.js

@@ -24 +24 @@
                link.setAttribute('href', insert_form.elements.href.value);
                if (insert_form.elements.title.value!='') {
-                    link.setAttribute('title', insert_form.elements.title.value);
+                    link.setAttribute(
+                         'title',
+                         window.opener.CKEDITOR.tools.htmlEncodeAttr(insert_form.elements.title.value)
+                    );
                }
                if (insert_form.elements.hreflang.value!='') {
-                    link.setAttribute('hreflang', insert_form.elements.hreflang.value);
+                    link.setAttribute(
+                         'hreflang',
+                         window.opener.CKEDITOR.tools.htmlEncodeAttr(insert_form.elements.hreflang.value)
+                    );
                }
                if (editor.getSelection().getSelectedElement()!=null) {

plugins/dcCKEditor/js/popup_media.js

@@ -25 +25 @@
                     img += window.opener.$.stripBaseURL($('input[name="src"]:checked',insert_form).val())+'"';
                     var img_title = $('input[name="description"]',insert_form).val();
-                    img_title
-                         .replace('&','&').replace('>','>')
-                         .replace('<','&lt;').replace('"','&quot;');
+                    img_title = window.opener.CKEDITOR.tools.htmlEncodeAttr(img_title);
                     img += ' title="'+img_title+'"';
                     var align = $('input[name="alignment"]:checked',insert_form).val();
@@ -35 +33 @@
 
                     var title = $('input[name="title"]',insert_form).val();
-                    img += ' alt="'+title+'"/>';
+                    img += ' alt="'+window.opener.CKEDITOR.tools.htmlEncodeAttr(title)+'"/>';
 
                     var element;
@@ -53 +51 @@
                var link = '<a href="';
                link += window.opener.$.stripBaseURL($('input[name="url"]',insert_form).val());
-               link += '">'+insert_form.elements.title.value+'</a>';
+               link += '">'+window.opener.CKEDITOR.tools.htmlEncodeAttr(insert_form.elements.title.value)+'</a>';
                element = window.opener.CKEDITOR.dom.element.createFromHtml(link);