Telerik Forums / UI for ASP.NET MVC
This is a migrated thread and some comments may be shown as answers.

Editor loses changes to html tags

1 Answer 70 Views
Editor
This is a migrated thread and some comments may be shown as answers.
Shaun
Top achievements
Rank 1
Shaun asked on 06 Jan 2014, 12:10 PM
Hello,

I've tried this on the online demo at : 

http://demos.kendoui.com/web/editor/all-tools.html

click the View Html tool, edit the first img tag and add onerror="imgError()" to it.

Click update button. View Html again and my change has now disappeared. Why is that ?
I've first noticed it locally and I thought I did something wrong, then I tried it on the online demo section and the same behaviour happens. 

Things get even weirder if you add something like onerror="alert('The image could not be loaded.')"

if you view html again this is what you get : 

<img alt="Editor for ASP.NET MVC logo" be="" could="" image="" loaded.');"="" not="" src="http://www.kendoui.com/Image/kendo-logo.png" style="display:block;margin-left:auto;margin-right:auto;" the="" />

Looks like a big bug to me.

1 Answer, 1 is accepted

Sort by
0
Accepted
Alex Gyoshev
Telerik team
answered on 06 Jan 2014, 03:06 PM
Hello Stuart,

The onerror handler is stripped intentionally, as it has exposed some XSS problems in the past. The incorrect parsing of the onerror message is indeed wrong, and has been logged for fixing. If you want to add an error handler, do so through client-side scripting rather than through attributes.

Regards,
Alex Gyoshev
Telerik
Join us on our journey to create the world's most complete HTML 5 UI Framework - download Kendo UI now!
Tags
Editor
Asked by
Shaun
Top achievements
Rank 1
Answers by
Alex Gyoshev
Telerik team
Share this question
or