Closed (works as designed)
Project:
CKEditor 4 - WYSIWYG HTML editor
Version:
6.x-1.x-dev
Component:
Code
Priority:
Normal
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
1 Jan 2013 at 22:54 UTC
Updated:
27 Jan 2013 at 17:38 UTC
Comments
Comment #1
Michael-IDA commentedThis is a CKeditor problem????
Throw it back, with a reason why, if you don't feel so.
Best,
Sam
Comment #2
mkesicki commented@nhoeller,
please write steps to reproduce your issue. CKEditor should not change % to %25.
You can check this on http://ckeditor.com/demo.
Please check what filters do you use in input format on nodes where you have problems. Please check if %25 shows in CKEditor source code before node save or after saving it.
Comment #3
nhoeller commented@Sam-Inet, my mistake - I intended to post this to the http:bl forum but clearly had a 'brain-check'.
@michal_cksource, good point about other filters - I am running HTMLPurifier which could very well be 'escaping' certain characters in the URL. Too many 'moving parts' (:-). I am in the midst of a bunch of Durpal module upgrades and will confirm after that.
Comment #4
Michael-IDA commentedHi Norbert (@nhoeller),
No I moved it from http:BL to CKEditor, as it didn't seem possible for http:BL to cause this kind of problem.
And based upon what michal (@michal_cksource) is saying it probably needs to be moved to HTMLPurifier (or at least somewhere other than CKEditor).
Best All,
Sam
Comment #5
mkesicki commentedComment #6
nhoeller commentedThe 'problem' appears to be HTML Purifier. My default input filter includes HTML Purifier. I also have a Full HTML filter that does not include HTML Purifier. I created a page, enabled Full HTML, switched to plain text editing and entered
This is %outside of a link. This is <a href="%inside">inside a link</a>. After saving, re-editing and displaying the source, the only changes are the paragraph tags around the text.However, if I enable the default input format that includes HTML Purifier and repeat the steps, the source displays as
<p>This is %outside of a link. This is <a href="%25inside">inside a link</a></p>. Note that only the % within the link reference was modified. I suspect that HTML Purifier is 'working as designed' to prevent malicious content appearing in a link reference.