Closed Bug 594725 Opened 14 years ago Closed 14 years ago

Copy-and-paste into designMode removes custom attributes on <a/> tags

Categories

(Core :: DOM: Editor, defect)

1.9.2 Branch
x86
Windows 7
defect
Not set
major

RESOLVED DUPLICATE of bug 596300

People

(Reporter: fstauffer, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.1; fr; rv:1.9.2.9) Gecko/20100824 Firefox/3.6.9
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.1; fr; rv:1.9.2.9) Gecko/20100824 Firefox/3.6.9

When you have a document in design mode and copy paste a link tag, "custom" attributes (presumably those that are unsupported given the page's doctype) are completely removed.

Reproducible: Always

Steps to Reproduce:
1. Open a document in design mode (I entered data:text/html,<html><head><title>EDIT</title></head><body><iframe id="edit" src="about:blank" onload="this.contentDocument.designMode='on';" height='99%' width='100%'></iframe></body></html> in my address bar)
2. Put the following HTML in a document 
<html>
<body>
        <a href="#" bar="foo" lang="de" cmpref="test">Test</a>
</body>
</html>
3. Load that document in Firefox and copy the link
4. Paste it in the previously opened designMode iframe

Actual Results:  
Inspect the iframe's DOM, you get 
<a lang="de" href="http://localhost/test.html#" _moz_dirty="">Test</a>

Expected Results:  
<a lang="de" bar="foo" cmpref="test" href="http://cerberus.rbschange.fr/design.html#" _moz_dirty="">Test</a>

This could be a consequence of http://www.mozilla.org/security/announce/2010/mfsa2010-62.html.
Component: General → Editor
Product: Firefox → Core
QA Contact: general → editor
Version: unspecified → 1.9.2 Branch
This is the intended behavior.  We white list the pasted attributes against a list of allowed attributes, and ignore everything else.
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → INVALID
Could we at least get a precise list of allowed attributes? Or a pointer to an online documentation describing this white listing strategy? That would be really helpful as we have a lot of code to fix in our CMS because of that change. Thanks
(In reply to comment #2)
> Could we at least get a precise list of allowed attributes? Or a pointer to an
> online documentation describing this white listing strategy? That would be
> really helpful as we have a lot of code to fix in our CMS because of that
> change. Thanks

Sure.  Here is a list of allowed attributes:

<http://mxr.mozilla.org/mozilla-central/source/content/base/src/nsContentSink.cpp#1819>

And here is a list of allowed tags:

<http://mxr.mozilla.org/mozilla-central/source/content/base/src/nsContentSink.cpp#1732>

You can mostly ignore the "&nsGkAtoms::" part, but if you want to see a full mapping of atoms to names, you can look at <http://mxr.mozilla.org/mozilla-central/source/content/base/src/nsGkAtomList.h>.
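
The allowlist filtering described in the comments above, as an added example that is not part of the bug thread and is not Gecko's code: it parses one start tag, keeps only allowlisted attributes, and reports the ones a paste would lose. `ALLOWED_ATTRS` is a constructed two-entry sample based only on the attributes that survived in the report (`href`, `lang`), not the real list in nsContentSink.cpp; the function names are hypothetical.

```javascript
// Added illustration; not Gecko's code. ALLOWED_ATTRS is a constructed sample:
// the real allowlist lives in nsContentSink.cpp and is longer.
const ALLOWED_ATTRS = new Set(["href", "lang"]);

// One attribute: name, then optional = followed by a "double", 'single' or unquoted value.
// Leading \s* (not \s+) tolerates markup such as id="edit"src="about:blank".
const ATTR_RE = /\s*([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'=<>`]+)))?/y;

// Split a single start tag into its element name and attribute list.
function parseStartTag(tag) {
  const head = /^<([A-Za-z][A-Za-z0-9]*)/.exec(tag);
  if (!head) throw new Error("not a start tag: " + tag);
  const attrs = [];
  ATTR_RE.lastIndex = head[0].length; // sticky regex: scan from just after the tag name
  let m;
  while ((m = ATTR_RE.exec(tag)) !== null) {
    const value = [m[2], m[3], m[4]].find((v) => v !== undefined) || "";
    attrs.push({ name: m[1].toLowerCase(), value });
  }
  return { name: head[1].toLowerCase(), attrs };
}

// Keep only allowlisted attributes; report the rest so they can be audited.
function filterPastedTag(tag, allowed = ALLOWED_ATTRS) {
  const { name, attrs } = parseStartTag(tag);
  const kept = attrs.filter((a) => allowed.has(a.name));
  const dropped = attrs.filter((a) => !allowed.has(a.name)).map((a) => a.name);
  const html = "<" + name +
    kept.map((a) => ` ${a.name}="${a.value.replace(/"/g, "&quot;")}"`).join("") + ">";
  return { html, dropped };
}

// The anchor from the report's step 2.
const sample = '<a href="#" bar="foo" lang="de" cmpref="test">';
console.log(filterPastedTag(sample));
```

The example does not model the other changes visible in the report's actual result, namely the resolved `href` URL and the added `_moz_dirty` attribute.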
Hmmmm I guess so. I looked over the change list for 3.6.9 and thought there was a chance the security fixes in it might have had something to do with this but was not sure. I didn't think to look for a bug on Midas rather than just WP.

So is it safe to say (after reading the thread on Bug 595176) that due to security priorities, this "bug" will not be fixed anytime soon? It seems that way but I'm not 100% on that after reading. Thanks.
Please see the discussion in bug 596300 (specifically bug 596300 comment 48) for more information on what we're trying to do in order to address this issue.
Resolution: INVALID → DUPLICATE