Bug #72322
closed
Javascript error on deleting dce section with RTE
Added by Steffen Mevius almost 9 years ago.
Updated about 7 years ago.
Category: FormEngine aka TCEforms
Tags: rtehtmlarea dce tceform
Description
With the update from 6.2.14 to 6.2.16 an error occurs when you click on the delete icon of a section in a DCE.
Reproduce:
1. Create a DCE with a section that has an RTE field in it
2. Insert the DCE on a new page with some sections and save
3. Now try to delete a section; a JavaScript error occurs
The onclick method for delete has wrongly escaped JavaScript code.
Changing typo3/sysext/rtehtmlarea/Classes/RteHtmlAreaBase.php line 1338 back to the 6.2.14 version, it works as expected. To still have the new security fix, the following works:
change:
return 'if (RTEarea[' . GeneralUtility::quoteJSvalue($textareaId) . ']) { RTEarea[' . GeneralUtility::quoteJSvalue($textareaId) . '].deleted = true;}';
to
return 'if (RTEarea["' . GeneralUtility::quoteJSvalue($textareaId) . '"]) { RTEarea["' . GeneralUtility::quoteJSvalue($textareaId) . '"].deleted = true;}';
- Status changed from New to Needs Feedback
Hi Steffen,
1) Thank you for your report.
2) What is a DCE element? If it is about the extension http://typo3.org/extensions/repository/view/dce, then it should be fixed in there.
The code provided produces wrong JavaScript code, because the text area id is double quoted now:
return 'if (RTEarea["'TextAreaId'"]) { RTEarea["'TextAreaId'"].deleted = true;}';
Steffen Mevius wrote:
The onclick-method for delete has wrong escaped Javascript code.
Can you please elaborate? What does the code that is broken for you look like?
As Nicole mentioned already, your suggested fix would be wrong.
Yes, my fix is wrong, although it's working in this case.
JavaScript code with 6.2.16 (not working)
<a href="#" onclick="if (confirm("Are you sure?")){if
(RTEarea[\'data_tt_content__1804__pi_flexform__data__sheet0__lDEF__settings.teasers__el__10__container_teasers__el__text__vDEF_\']) {
RTEarea[\'data_tt_content__1804__pi_flexform__data__sheet0__lDEF__settings.teasers__el__10__container_teasers__el__text__vDEF_\'].deleted =
true;};$("ID-b6b580a3be-6438e62d6b").hide();setActionStatus("ID-b6b580a3be");} return false;"><span title="Delete" class="t3-icon t3-icon-actions
t3-icon-actions-edit t3-icon-edit-delete"> </span></a>
Code with 6.2.14 (working)
<a href="#" onclick="if (confirm("Are you sure?")){if
(RTEarea["data_tt_content__1804__pi_flexform__data__sheet0__lDEF__settings.teasers__el__10__container_teasers__el__text__vDEF_"]) {
RTEarea["data_tt_content__1804__pi_flexform__data__sheet0__lDEF__settings.teasers__el__10__container_teasers__el__text__vDEF_"].deleted =
true;};$("ID-9f39d971ef-076f9c0665").hide();setActionStatus("ID-9f39d971ef");} return false;"><span title="Delete" class="t3-icon t3-icon-actions
t3-icon-actions-edit t3-icon-edit-delete"> </span></a>
In 6.2.14 the function looked like:
return 'if (RTEarea["' . $textareaId . '"]) { RTEarea["' . $textareaId . '"].deleted = true;}';
IMHO we should remove the function GeneralUtility::slashJS() in typo3_src/typo3/sysext/backend/Classes/Form/FormEngine.php:3385
$output = str_replace('/*###REMOVE###*/', GeneralUtility::slashJS(htmlspecialchars(implode('', $this->additionalJS_delete))), $output);
- Status changed from Needs Feedback to Under Review
I'm not sure whether security-wise it's still sufficient to remove the quoteJS, but encode the single-quote with htmlspecialchars():
The result would be something like this:
<a href="#" onclick="if (confirm("Are you sure?")){
if (RTEarea['data_tt_content__825__pi_flexform__data__sheet0__lDEF__settings.section__el__1__container_section__el__text__vDEF_'])...
see https://review.typo3.org/#/c/45356/
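As an added example (not TYPO3's code), the JavaScript below re-creates the escaping chain discussed in this ticket with rough stand-ins for quoteJSvalue(), htmlspecialchars() and slashJS(), then runs the resulting onclick attribute through what a browser does with it. The helper bodies and the textarea ids are constructed approximations, not the actual TYPO3 implementation.

```javascript
// Added example, not TYPO3 code. Stand-ins for the three PHP helpers in the
// ticket, followed by a check of how a browser treats the produced attribute.

// Stand-in for GeneralUtility::quoteJSvalue(): a single-quoted JS string
// literal with quotes, backslashes, line breaks and HTML-special chars hex-escaped.
function quoteJSvalue(value) {
  const escaped = String(value).replace(/[\\'"\r\n<>&]/g, (c) =>
    "\\x" + c.charCodeAt(0).toString(16).padStart(2, "0"));
  return "'" + escaped + "'";
}

// Stand-in for PHP htmlspecialchars() with default flags (single quote untouched).
function htmlspecialchars(s) {
  return s.replace(/&/g, "&amp;").replace(/"/g, "&quot;")
    .replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// Stand-in for GeneralUtility::slashJS(): backslash-escapes quotes like addslashes().
function slashJS(s) {
  return s.replace(/[\\'"]/g, (c) => "\\" + c);
}

// The delete fragment from RteHtmlAreaBase as quoted in the ticket.
function deleteScript(textareaId) {
  const q = quoteJSvalue(textareaId);
  return "if (RTEarea[" + q + "]) { RTEarea[" + q + "].deleted = true;}";
}

// FormEngine's embedding step, with or without the extra slashJS() layer.
function onclickAttribute(textareaId, withSlashJS) {
  const html = htmlspecialchars(deleteScript(textareaId));
  return withSlashJS ? slashJS(html) : html;
}

// What the browser does: entity-decode the attribute value, then compile it as
// the handler body. Returns the RTEarea object after the handler ran, or null
// when the script does not parse (the stray backslashes from slashJS()).
function runOnclick(attrValue, textareaId) {
  const source = attrValue.replace(/&quot;/g, '"').replace(/&lt;/g, "<")
    .replace(/&gt;/g, ">").replace(/&amp;/g, "&");
  try {
    const handler = new Function("RTEarea", source);
    const RTEarea = { [textareaId]: { deleted: false } }; // constructed fixture
    handler(RTEarea);
    return RTEarea;
  } catch (e) {
    return null;
  }
}
```

The second test id contains a single quote to show that the JS-level quoting alone already keeps the id inside the string literal; the additional slashJS() layer only breaks the attribute because the browser's HTML parser does not interpret backslashes.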
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
- Status changed from Resolved to Closed