execCommand changes the inserted string

RESOLVED DUPLICATE of bug 597784

Status

()

--
major
RESOLVED DUPLICATE of bug 597784
8 years ago
8 years ago

People

(Reporter: gklinda, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

8 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.0; hu; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10 ( .NET CLR 3.5.30729; .NET4.0C) FirePHP/0.4
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; hu; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10 ( .NET CLR 3.5.30729; .NET4.0C) FirePHP/0.4

The problem occures with a contentEditable element.
If this command is run on the element:

var str = "<a href=\"download.php?docID=24\" onclick="javascript: if (typeof(webraDocumentAnalitics)!=='undefined') {webraDocumentAnalitics('/download.php?docID=24');}">jlsdk</a>";

execCommand('insertHTML',false,str);

the result is this:

<a href="download.php?docID=24">jlsdk</a>

So the execCommand filters out the onclick attribute.

Reproducible: Always

Steps to Reproduce:
run this command:
var str = "<a href=\"download.php?docID=24\" onclick="javascript: if (typeof(webraDocumentAnalitics)!=='undefined') {webraDocumentAnalitics('/download.php?docID=24');}">jlsdk</a>";

execCommand('insertHTML',false,str);
Actual Results:  
the contentEditable element contains:
<a href="download.php?docID=24">jlsdk</a>

Expected Results:  
<a href=\"download.php?docID=24\" onclick="javascript: if (typeof(webraDocumentAnalitics)!=='undefined') {webraDocumentAnalitics('/download.php?docID=24');}">jlsdk</a>
Status: UNCONFIRMED → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 595176

Comment 2

8 years ago
In fact, we're going to change this behavior in bug 597784, so that inserthtml
doesn't strip anything from its input, the same way that setting innerHTML does
not.  Please follow that bug for the progress of this issue.
Duplicate of bug: 597784
You need to log in before you can comment on or make changes to this bug.