YUILibrary - Open source JavaScript and CSS for building richly interactive software.
Fork YUI on GitHub

YUI 2.x

Ticket #2527951 (closed defect)

Reporter


apenguin 		Opened: 04/23/09
Last modified: 09/14/09
Status: closed
Type: defect
Resolution: fixed

Owner


Dav Glass 		Target Release: 2.8.0
Priority: P3 (normal)
Summary: Ampersands are not always escaped properly in the RichTextEditor (RTE)
Description:

When the contents of an RTE is submitted, HTML tags and stand-alone ampersands are converted into their properly-escaped XML counterparts, i.e., lt gt and amp entities; but other entities, such as
& are not converted.

The result on the server side is a mess of improperly escaped tags, which is very hard to resolve server-side. If, for example, I were to escape all ampersands to & amp ; entities, that would break
those that were actually properly escaped.
Type: defect Observed in Version: 2.7.0
Component: Editor Severity: S3 (normal)
Assigned To: Dav Glass Target Release: 2.8.0
Location: Library Code Priority: P3 (normal)
Tags: Relates To: #2527891
Browsers: Firefox 3.x - All
URL:
Test Information:

I am using version 2.7.0 and the RichTextEditor like this:
new YAHOO.widget.Editor(fieldName,{
height: '5em',
width: '100%',
autoHeight: true,
handleSubmit: false,
insert: false
});
I call saveHTML() upon form submission.

To reproduce:
In the editor, type "& & <q>" and "& & <q>" is submitted, not "& & <q>" as one would expect.

Change History

apenguin
Posted: 04/23/09
  • relatesto changed to 2527891

Dav Glass

YUI Developer
Posted: 04/23/09
  • location changed to Library Code
  • milestone changed to 2.NEXT
  • priority changed to P3 (normal)
  • status changed from new to accepted

Dav Glass

YUI Developer
Posted: 06/26/09
  • milestone changed from 2.NEXT to 2.8.0

Dav Glass

YUI Developer
Posted: 07/15/09
  • resolution changed to fixed
  • status changed from accepted to checkedin

fixes #2527951 - Fixed issue with invalid & conversion
View Commit: d157fa039a8c11ca7f43c4ca3a175bf16711e0eb

George

YUI Developer
Posted: 09/14/09
  • status changed from checkedin to closed

2.8.0 has been released. All "checkedin" items are available for download in the official release. Status of "checkedin" items is being set to closed.