#1908: HtmlEncodeOutput unescapes incorrectly on some strings
-------------------------------+--------------------------------------------
Reporter: acolwell | Owner: alfonsoml
Type: Bug | Status: assigned
Priority: Normal | Milestone:
Component: Server : ASP.Net | Version: SVN
Resolution: | Keywords: HasPatch Review?
-------------------------------+--------------------------------------------
Changes (by alfonsoml):
* keywords: HasPatch => HasPatch Review?
* owner: => alfonsoml
* status: new => assigned
Old description:
> In FCKeditor.LoadPostData() the code that handles reverting the
> HtmlEncodeOutput changes does not work properly for strings that contain
> "<" or ">".
> The current code replaces '&' before '<' and '>' which causes
> the strings
> mentioned to be converted to '<' and '>' respectively. What should happen
> is that the '&' replacement should happen after the '<' and '>'
> replacement. This allows the strings to be converted to '<' and '>'
> which I believe is the proper decoding.
>
> Here is a patch that fixes this problem.
> Index: FCKeditor.cs
> ===================================================================
> --- FCKeditor.cs (revision 1585)
> +++ FCKeditor.cs (working copy)
> @@ -456,9 +456,9 @@
> // Revert the HtmlEncodeOutput changes.
> if ( this.Config["HtmlEncodeOutput"] != "false" )
> {
> - postedValue = postedValue.Replace(
> "&", "&" ) ;
> postedValue = postedValue.Replace(
> "<", "<" ) ;
> postedValue = postedValue.Replace(
> ">", ">" ) ;
> + postedValue =
> postedValue.Replace("&", "&");
> }
>
> if ( postedValue != this.Value )
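Review bot: Nothing in the hunk records that the ampersand replacement has to stay last, which is the entire fix, so a later tidy-up could move it back above the other two Replace calls without anyone noticing. Add a one-line comment on the moved line saying the ampersand entity is reverted last on purpose, and a regression case where the posted value contains an escaped entity as literal text and must come back unchanged.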
New description:
In FCKeditor.LoadPostData() the code that handles reverting the
HtmlEncodeOutput changes does not work properly for strings that contain
"&lt;" or "&gt;".
The current code replaces '&amp;' before '&lt;' and '&gt;' which causes
the strings mentioned to be converted to '<' and '>' respectively. What should happen
is that the '&amp;' replacement should happen after the '&lt;' and '&gt;'
replacement. This allows the strings to be converted to '&lt;' and '&gt;'
which I believe is the proper decoding.
Here is a patch that fixes this problem.
{{{
Index: FCKeditor.cs
===================================================================
--- FCKeditor.cs (revision 1585)
+++ FCKeditor.cs (working copy)
@@ -456,9 +456,9 @@
// Revert the HtmlEncodeOutput changes.
if ( this.Config["HtmlEncodeOutput"] != "false" )
{
- postedValue = postedValue.Replace(
"&", "&" ) ;
postedValue = postedValue.Replace( "<",
"<" ) ;
postedValue = postedValue.Replace( ">",
">" ) ;
+ postedValue = postedValue.Replace("&",
"&");
}
if ( postedValue != this.Value )
}}}
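Review bot: The guard in the context line, this.Config["HtmlEncodeOutput"] != "false", runs the revert for any value other than the exact lowercase string "false", so if Config returns a plain string then "False" or an unset key also triggers decoding of input the client may not have encoded. Consider a case-insensitive comparison, or decoding only when the setting is explicitly enabled. Separately, the added line drops the file's spacing style (spaces inside the parentheses and before the semicolon, as in the two unchanged Replace calls) and should match it.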
Comment:
I've attached the proposed patch for review. I'm not sure about the
current released version of FCKeditor.net, so I haven't changed the what's
new file.
--
Ticket URL: <http://dev.fckeditor.net/ticket/1908#comment:2>
FCKeditor <http://www.fckeditor.net>
The text editor for Internet
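
The ordering problem described in the ticket, as an added example that is not FCKeditor code: it round-trips constructed values through both decode orders and shows text typed as literal entities turning into markup when the ampersand entity is reverted first. The `Encode` helper is an assumed model of what the editor posts when HtmlEncodeOutput is on, and the class and method names are hypothetical.

```csharp
using System;

static class HtmlEncodeOutputDemo
{
    // Assumption: the client escapes '&' first, then '<' and '>'.
    static string Encode(string s) =>
        s.Replace("&", "&amp;").Replace("<", "&lt;").Replace(">", "&gt;");

    // Order before the patch: the ampersand entity is reverted first,
    // so "&amp;lt;" becomes "&lt;" and is then decoded a second time.
    static string DecodeAmpFirst(string s) =>
        s.Replace("&amp;", "&").Replace("&lt;", "<").Replace("&gt;", ">");

    // Order after the patch: the ampersand entity is reverted last.
    static string DecodeAmpLast(string s) =>
        s.Replace("&lt;", "<").Replace("&gt;", ">").Replace("&amp;", "&");

    static string Verdict(string decoded, string original) =>
        decoded == original ? "  (round-trips)" : "  (CHANGED)";

    static void Main()
    {
        // Constructed sample values. In the last two the user typed
        // entities as literal text, not as markup.
        string[] samples =
        {
            "<p>a & b</p>",
            "<p>Write &lt;b&gt; for bold</p>",
            "<p>&lt;script&gt; is shown as text</p>",
        };

        foreach (string original in samples)
        {
            string posted = Encode(original);
            string before = DecodeAmpFirst(posted);
            string after = DecodeAmpLast(posted);

            Console.WriteLine("original  : " + original);
            Console.WriteLine("posted    : " + posted);
            Console.WriteLine("amp first : " + before + Verdict(before, original));
            Console.WriteLine("amp last  : " + after + Verdict(after, original));
            Console.WriteLine();
        }
    }
}
```

With the ampersand-first order the second and third samples come back with real `<b>` and `<script>` tags in place of the escaped text the user entered; the ampersand-last order returns every sample unchanged.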