I got a problem with attributes processing in viewHtml mode
There is steps to reproduce:
1. Create Editor with "viewHtml" button
2. Open "View Html" dialog by clicking on "View Html" button
3. Put the html code as below:
<img height="157" width="314" on="" k-script-on="" />
4. Click on Update button
Uncaught TypeError: Cannot read property 'nodeName' of undefined
in _preventScriptExecution function
The bug is in processing of attributes: on="" k-script-on=""
When the code below is run
this.setAttribute("k-script-" + name, attribute.value);
the "attributes.length" changing and the variables "i" and "l" is wrong
Is it posible to fix it?
3 Answers, 1 is accepted
The problem is caused by the fact that a combination of "on" and "k-script-on" attributes are used. The Editor's logic is to replace all "on...." attributes with "k-script-on..." attributes. Since the latter attribute already exists, it is removed, which changes the attribute count on the fly.
The "k-script-on" attribute is for internal use and should normally not be used by the end user. Can you describe a valid scenario, in which the described issue occurs?
Regards,
Dimo
Telerik
Rank 1
Thank you for response
>>Can you describe a valid scenario, in which the described issue occurs
For example user can open some site in html mode and copy some html code with "on...." , "k-script-on..." attributes. Pasting of this html code is broke the kendo editor.
I understand "k-script-on" attribute is for internal use, but we creating a stable app/site and should expect any attributes from user,
and that is why we expact from kendo editor checking of this behavior. It seem we can't fix it outside of kendo editor, so Is it posible that kendo team will provide a fix for it in future?
Thanks
I am afraid we do not regard the described scenario as valid or plausible, for a couple of reasons:
- an on="" HTML attribute does not exist;
- a k-script-on="" HTML attribute does not exist. It is created and used by the Editor temporarily on the client, and is never submitted to the server or included in the returned widget's value;
Even if we replace "on" with another valid "onfoo" attribute (e.g. onclick), the probability for the user to paste code with both onfoo and k-script-onfoo attributes applied to the same element is practically zero. Moreover, this represents an unsupported scenario, because the k-script-onfoo attribute will be lost when the onfoo attribute is renamed.
The Javascript error itself is caused by the fact that the attributes collection size is cached for performance reasons, which is a good practice when the iterated collection's size is not expected to change.
Regards,
Dimo
Telerik