Grapesjs: [BUG]: HTML attributes/traits not escaped

Created on 28 Feb 2018 · 5Comments · Source: artf/grapesjs

When double quotes are added to an attribute it breaks the HTML.

https://jsfiddle.net/szLp8h4n/
Drag in the link block.
Click the link in the editor
Go to "Component settings" panel
Enter This is an "example" into title field.
Click the view code icon.
Invalid HTML is generated

<div class="c318">Hello World!!!</div>
<a title="This is an  "example"" class="c739">Link</a>

help wanted outdated

Source

nojacko

👍1

All 5 comments

Thanks for the catch James
PRs are welcome

artf on 2 Mar 2018

👍1

Fixed by https://github.com/artf/grapesjs/pull/939

artf on 10 Mar 2018

Looks like the fix only replaces the code in the Grapes editor but when getHtml() is called the issue is still present.

Inspected code:
<input type="text" name="company" placeholder="This is an "example"" required="false" data-highlightable="1" class="gjs-comp-selected">

Output from get editor.getHtml():
<input type="text" name="company" placeholder="This is an "example"" required="false"/>

nojacko on 12 Mar 2018

@nojacko I don't build files before the release so if you're using files from dist you're still using the old one

artf on 15 Mar 2018

👍1

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

lock[bot] on 17 Sep 2019

Was this page helpful?

0 / 5 - 0 ratings

Related issues

Newbie Questions and Ideas

kosirm · 3Comments

Can we use grapesjs for editing and saving existing template.

desilvaNSP · 3Comments

Leveling Up Enough To Contribute

kawika-connell · 3Comments

Not allow selective Image resize

krunal039 · 3Comments

The specified element mode is not supported on element: "a" and CKE config

kickbk · 3Comments