Opened 13 years ago

Closed 12 years ago

#988 closed defect (fixed)

(IE) elements that have some javascript event hard coded in it's TAG is still enabled in WYSIWYG mode

Reported by: caugb Owned by: gogo
Priority: normal Milestone:
Component: Xinha Core Version:
Severity: trivial Keywords:
Cc:

Description

When editing () if some element has an javascript event hard coded in it's TAG, this event is still enabled on WYSIWYG mode. Naturally it causes errors...
I'm using IE7 and don't know if this bug happens in IE 6 or <6.
In Firefox everything is allright.

Change History (4)

comment:1 Changed 13 years ago by ray

  • Resolution set to fixed
  • Status changed from new to closed

rev [793]: disabled inline events for mouseevents

Btw, mouseover events also did fire in Firefox until the editor was activated

comment:2 Changed 13 years ago by caugb

I was still having problems with others events (onload, etc), so i'm using it, that replace the event name from 'on...' to '_on..._':

// in inwardHtml
  // NEW
  // disable inline event handle inside Xinha iframe   
//  html = html.replace(/(<[^>]*onclick=["'])/gi,'$1if(window.top && window.top.Xinha){return false}');   
//  html = html.replace(/(<[^>]*onmouseover=["'])/gi,'$1if(window.top && window.top.Xinha){return false}');   
//  html = html.replace(/(<[^>]*onmouseout=["'])/gi,'$1if(window.top && window.top.Xinha){return false}');   
//  html = html.replace(/(<[^>]*onmouseodown=["'])/gi,'$1if(window.top && window.top.Xinha){return false}');   
//  html = html.replace(/(<[^>]*onmouseup=["'])/gi,'$1if(window.top && window.top.Xinha){return false}');  
  // my version... 
  // using the ' g' modifier some occurrences remained (don't know why), so, do it with a loop.
  var _er = new RegExp("(<[^>]+)\\s(on(mouse(over|out|up|down|move)|click|dblclick|(un)?load|"+
                       "resize|select|focus|blur|key(press|up|down)))\\s*=\\s*", "i");
    while(_er.test(html)) html = html.replace(_er, "$1 _$2_=");
  // /NEW

// in outwardHtml
  // NEW
  // remove disabling of inline event handle inside Xinha iframe 
//  html = html.replace(/(<[^>]*onclick=['"])if\(window\.top && window\.top\.Xinha\)\{return false\}/gi,'$1');   
//  html = html.replace(/(<[^>]*onmouseover=['"])if\(window\.top && window\.top\.Xinha\)\{return false\}/gi,'$1');   
//  html = html.replace(/(<[^>]*onmouseout=['"])if\(window\.top && window\.top\.Xinha\)\{return false\}/gi,'$1');   
//  html = html.replace(/(<[^>]*onmousedown=['"])if\(window\.top && window\.top\.Xinha\)\{return false\}/gi,'$1');   
//  html = html.replace(/(<[^>]*onmouseup=['"])if\(window\.top && window\.top\.Xinha\)\{return false\}/gi,'$1');   
  // my version...
  // using the ' g' modifier some occurrences remained (don't know why), so, do it with a loop.
  var _er = new RegExp("(<[^>]*) _(on(mouse(over|out|up|down|move)|click|dblclick|(un)?load|"+
                       "resize|select|focus|blur|key(press|up|down)))_=", "i");
  while(_er.test(html)) html = html.replace(_er, '$1 $2=');   
  // /NEW

You could use an er as this with your method too. It is not restrict to mouse events... the same problem exists in others events. Why not disable all?

comment:3 Changed 13 years ago by mokhet

  • Resolution fixed deleted
  • Severity changed from major to trivial
  • Status changed from closed to reopened

I do not understand why the test is made with "window.top.Xinha" instead of "parent.Xinha" ?

if Xinha is loaded from a frame or an iframe, i suspect the test "window.top.Xinha" to fail if Xinha is not loaded on top document. Isn't it Ray ?

I have not tested, i'm absolutly out of time to make some tests, but i think this should be :

  // disable inline event handle inside Xinha iframe
  html = html.replace(/(<[^>]*onclick=["'])/gi,'$1if(parent.Xinha){return false}');

comment:4 Changed 12 years ago by ray

  • Resolution set to fixed
  • Status changed from reopened to closed

of course you are right - fixed rev [945]

Note: See TracTickets for help on using tickets.