Bug - Entering Javascript - Onclick function containing HTML code (brackets)

[mind.warp@…]

Here's the scenario...

We're using Xinha as part of a homebrew CMS for an intranet site. We also use a lot of Overlib (a javacript popup tool) on our sites. It was from this we found the bug.

If we do something like

<img src="foo.gif" onclick="return overlib('<a href=&quot;#&quot;>Click here</a>');"/>

Xinha completely freaks out. Switching back and forth between Source and WYSIWYG corrupts everything. We lose everything we made.

This is using the newest version.

Other WYSIWYG like regular HtmlArea? and FCKeditor handle this fine. But I like Xinha more and it's too late to switch to another.

Currently the ONLY way we can work around this is replacing the < and > symbols with lt and gt versions. But we can't make sure people will always do this.

[mharrisonline]

I haven't yet started using the GetHtml plugin and am using the extended getHTML function shown in ticket 287, and it preserves your coding. I put in

<img src="foo.gif" onclick="return overlib('<a href=&quot;#&quot;>Click here</a>');"/>

and got back

<img onclick="return overlib('<a href=&quot;#&quot;>Click here</a>');" src="foo.gif">

[wymsy]

This is fixed in the GetHtml plugin in changeset:425. It actually turned out to be one symptom of a more general problem, where any tag (including comments) that contained another tag was not being handled correctly.

[anonymous]

I just tried this in the example with the GetHTML plugin, I put in the sample:

<img src="foo.gif" onclick="return overlib('<a href=&quot;#&quot;>Click here</a>');"/>

and got back:

<img onclick="return overlib('<a href=&quot;#&quot; />Click here</a>');" src="http://xinha.gogo.co.nz/xinha-nightly/examples/foo.gif">

[wymsy]

Eliminated the '/>' from the embedded <a> tag in changeset:435.

[gogo]

I believe this is fixed now?