Closed
Bug 68167
Opened 24 years ago
Closed 23 years ago
Editor escapes ' in "onmouseover" attribute (messes up javascript)
Categories
(Core :: DOM: Editor, defect, P2)
Core
DOM: Editor
Tracking
()
VERIFIED
FIXED
mozilla0.9.4
People
(Reporter: tapio.markula, Assigned: Brade)
References
Details
(Keywords: dataloss, Whiteboard: [html])
Attachments
(4 files, 1 obsolete file)
3.35 KB,
patch
|
Details | Diff | Splinter Review | |
478 bytes,
text/html
|
Details | |
5.60 KB,
patch
|
Details | Diff | Splinter Review | |
7.20 KB,
patch
|
Details | Diff | Splinter Review |
The editor destroys onmouseover values, because it converts ' to ' for example: onmouseover= "if(browser) nayta(4, 'c'); to onmouseover= "if(browser) nayta(4, 'c');
Comment 1•24 years ago
|
||
assigning to brade -- another escape issue
Assignee: beppe → brade
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P3
Updated•24 years ago
|
Summary: Editor and javascript → Editor escapes ' in "onmouseover" attribute (messes up javascript)
Comment 5•23 years ago
|
||
Additional information: converts ' to ' in the below example too: desired: <a href="javascript:openWindow('ftp://ftp.netscape.com/pub/netscape6/english/6.01/');"> actual: <a href="javascript:openWindow('ftp://ftp.netscape.com/pub/netscape6/english/6.01/');">
Assignee | ||
Updated•23 years ago
|
Target Milestone: mozilla0.9.1 → mozilla0.9.2
Updated•23 years ago
|
Assignee | ||
Comment 6•23 years ago
|
||
Assignee | ||
Comment 7•23 years ago
|
||
Assignee | ||
Comment 8•23 years ago
|
||
Assignee | ||
Comment 9•23 years ago
|
||
Comment 10•23 years ago
|
||
Other event names to include: onerror onabort onresize onscroll onpaint I've found these in other lists of intrinsic events we do support (or possibly will in the very near future). I'm presuming that the changes to the list of elements in LineBreakAfterOpen/LineBreakBeforeClose/LineBreakAfterClose are unrelated to this bug. Did you really want to add SELECT to LinkBreakBeforeClose, but not to LineBreakAfterOpen? Isn't that asymmetrical?
Comment 11•23 years ago
|
||
r/sr=vidur with the changes mentioned.
Comment 12•23 years ago
|
||
r=kin@netscape.com with vidur's changes. One small nit-pick, though not required ... the doTreatAttributeAsCDATA variable name bugs me, especially since it's used with a ! in front of it ... is there a better name?
Updated•23 years ago
|
Whiteboard: [html] → [html] fixed, reviewed, need a=
Comment 13•23 years ago
|
||
a= asa@mozilla.org for checkin to the trunk. (on behalf of drivers)
Blocks: 83989
Updated•23 years ago
|
Whiteboard: [html] fixed, reviewed, need a= → [html] fixed, reviewed, approved
Assignee | ||
Comment 14•23 years ago
|
||
This bug is partially fixed (all JS attributes won't be escaped). The remaining issue is dealing with href (and other?) attributes which might have javascript: urls. Pushing off to mozilla0.9.3 while that issue is being resolved.
Target Milestone: mozilla0.9.2 → mozilla0.9.3
Assignee | ||
Updated•23 years ago
|
OS: other → All
Hardware: Other → All
Whiteboard: [html] fixed, reviewed, approved → [html]
Comment 15•23 years ago
|
||
javascript is used extensively in web pages reviewed and approved
Keywords: nsBranch
Assignee | ||
Updated•23 years ago
|
Target Milestone: mozilla1.0 → mozilla0.9.4
Assignee | ||
Comment 17•23 years ago
|
||
Comment 18•23 years ago
|
||
r=nhotta
Assignee | ||
Comment 19•23 years ago
|
||
this fix was checked into the trunk before the builds today.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 20•23 years ago
|
||
*** Bug 96554 has been marked as a duplicate of this bug. ***
Assignee | ||
Updated•21 years ago
|
Attachment #38617 -
Attachment is obsolete: true
You need to log in
before you can comment on or make changes to this bug.
Description
•