Opened 14 years ago

Closed 13 years ago

#591 closed defect (fixed)

Bug - Entering Javascript - Onclick function containing HTML code (brackets)

Reported by: mind.warp@… Owned by: gogo
Priority: high Milestone:
Component: Xinha Core Version: trunk
Severity: major Keywords: javascript corrupt bug
Cc:

Description

Here's the scenario...

We're using Xinha as part of a homebrew CMS for an intranet site. We also use a lot of Overlib (a javacript popup tool) on our sites. It was from this we found the bug.

If we do something like


<img src="foo.gif" onclick="return overlib('<a href=&quot;#&quot;>Click here</a>');"/>


Xinha completely freaks out. Switching back and forth between Source and WYSIWYG corrupts everything. We lose everything we made.

This is using the newest version.

Other WYSIWYG like regular HtmlArea? and FCKeditor handle this fine. But I like Xinha more and it's too late to switch to another.

Currently the ONLY way we can work around this is replacing the < and > symbols with lt and gt versions. But we can't make sure people will always do this.

Attachments (1)

.2 (0 bytes) - added by anonymous 13 years ago.

Download all attachments as: .zip

Change History (6)

comment:1 Changed 14 years ago by mharrisonline

I haven't yet started using the GetHtml? plugin and am using the extended getHTML function shown in ticket 287, and it preserves your coding. I put in

<img src="foo.gif" onclick="return overlib('<a href=&quot;#&quot;>Click here</a>');"/>

and got back

<img onclick="return overlib('<a href=&quot;#&quot;>Click here</a>');" src="foo.gif">

comment:2 Changed 14 years ago by wymsy

This is fixed in the GetHtml? plugin in changeset:425. It actually turned out to be one symptom of a more general problem, where any tag (including comments) that contained another tag was not being handled correctly.

comment:3 Changed 14 years ago by anonymous

I just tried this in the example with the GetHTML plugin, I put in the sample:

<img src="foo.gif" onclick="return overlib('<a href=&quot;#&quot;>Click here</a>');"/>

and got back:

<img onclick="return overlib('<a href=&quot;#&quot; />Click here</a>');" src="http://xinha.gogo.co.nz/xinha-nightly/examples/foo.gif">


comment:4 Changed 14 years ago by wymsy

Eliminated the '/>' from the embedded <a> tag in changeset:435.

Changed 13 years ago by anonymous

comment:5 Changed 13 years ago by gogo

  • Resolution set to fixed
  • Status changed from new to closed

I believe this is fixed now?

Note: See TracTickets for help on using tickets.