Bug #97727

closed

RteHtmlParser crashes with ill-formed HTML

Added by Christian Spoo over 2 years ago. Updated 20 days ago.

Status: Closed
Priority: Should have
Assignee: -
Category: RTE (rtehtmlarea + ckeditor)
Target version: -
Start date: 2022-06-02
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 11
PHP Version: 8.0
Tags:
Complexity:
Is Regression:
Sprint Focus: Stabilization Sprint

Description

Ill-formed HTML may crash the RteHtmlParser. This can e.g. occur if pre-generated source is being added to a text element and subsequently saved without switching back to the RTE view before. This bug may be related to #93302 but this has not yet been verified.

To trigger the bug you can create a text element, switch to the Source view and paste in HTML such as the following:

<ol><li>foo</li><li>bar</li><ol>

(note the incorrectly closed "ol" tag)

After saving, each attempt to edit the new record again will fail with the following stack trace:

TYPO3\CMS\Core\Error\Exception: PHP Warning: Undefined array key 2 in /server/data/www/apache2.2/mfc-corporate/releases/109/public/typo3/sysext/core/Classes/Html/RteHtmlParser.php line 473
#37 /sysext/core/Classes/Error/ErrorHandler.php(137): TYPO3\CMS\Core\Error\ErrorHandler::handleError
#36 /sysext/core/Classes/Html/RteHtmlParser.php(473): TYPO3\CMS\Core\Html\RteHtmlParser::TS_transform_rte
#35 /sysext/core/Classes/Html/RteHtmlParser.php(198): TYPO3\CMS\Core\Html\RteHtmlParser::transformTextForRichTextEditor
#34 /sysext/backend/Classes/Form/FormDataProvider/TcaText.php(65): TYPO3\CMS\Backend\Form\FormDataProvider\TcaText::addData
#33 /sysext/backend/Classes/Form/FormDataGroup/OrderedProviderList.php(66): TYPO3\CMS\Backend\Form\FormDataGroup\OrderedProviderList::compile
#32 /sysext/backend/Classes/Form/FormDataGroup/TcaDatabaseRecord.php(40): TYPO3\CMS\Backend\Form\FormDataGroup\TcaDatabaseRecord::compile
#31 /sysext/backend/Classes/Form/FormDataCompiler.php(102): TYPO3\CMS\Backend\Form\FormDataCompiler::compile
#30 /sysext/backend/Classes/Controller/EditDocumentController.php(1151): TYPO3\CMS\Backend\Controller\EditDocumentController::makeEditForm
#29 /sysext/backend/Classes/Controller/EditDocumentController.php(1023): TYPO3\CMS\Backend\Controller\EditDocumentController::main
#28 /sysext/backend/Classes/Controller/EditDocumentController.php(431): TYPO3\CMS\Backend\Controller\EditDocumentController::mainAction
#27 /sysext/backend/Classes/Http/RouteDispatcher.php(91): TYPO3\CMS\Backend\Http\RouteDispatcher::dispatch
#26 /sysext/backend/Classes/Http/RequestHandler.php(110): TYPO3\CMS\Backend\Http\RequestHandler::handle
#25 /sysext/core/Classes/Middleware/ResponsePropagation.php(34): TYPO3\CMS\Core\Middleware\ResponsePropagation::process
#24 /sysext/core/Classes/Http/MiddlewareDispatcher.php(172): Psr\Http\Server\RequestHandlerInterface@anonymous/server/data/www/apache2.2/mfc-corporate/releases/109/public/typo3/sysext/core/Classes/Http/MiddlewareDispatcher.php:138$267::handle
#23 /sysext/backend/Classes/Middleware/SiteResolver.php(69): TYPO3\CMS\Backend\Middleware\SiteResolver::process
#22 /sysext/core/Classes/Http/MiddlewareDispatcher.php(172): Psr\Http\Server\RequestHandlerInterface@anonymous/server/data/www/apache2.2/mfc-corporate/releases/109/public/typo3/sysext/core/Classes/Http/MiddlewareDispatcher.php:138$267::handle
#21 /sysext/backend/Classes/Middleware/AdditionalResponseHeaders.php(41): TYPO3\CMS\Backend\Middleware\AdditionalResponseHeaders::process
#20 /sysext/core/Classes/Http/MiddlewareDispatcher.php(172): Psr\Http\Server\RequestHandlerInterface@anonymous/server/data/www/apache2.2/mfc-corporate/releases/109/public/typo3/sysext/core/Classes/Http/MiddlewareDispatcher.php:138$267::handle
#19 /sysext/backend/Classes/Middleware/OutputCompression.php(47): TYPO3\CMS\Backend\Middleware\OutputCompression::process
#18 /sysext/core/Classes/Http/MiddlewareDispatcher.php(172): Psr\Http\Server\RequestHandlerInterface@anonymous/server/data/www/apache2.2/mfc-corporate/releases/109/public/typo3/sysext/core/Classes/Http/MiddlewareDispatcher.php:138$267::handle
#17 /sysext/backend/Classes/Middleware/BackendUserAuthenticator.php(165): TYPO3\CMS\Backend\Middleware\BackendUserAuthenticator::process
#16 /sysext/core/Classes/Http/MiddlewareDispatcher.php(172): Psr\Http\Server\RequestHandlerInterface@anonymous/server/data/www/apache2.2/mfc-corporate/releases/109/public/typo3/sysext/core/Classes/Http/MiddlewareDispatcher.php:138$267::handle
#15 /sysext/backend/Classes/Middleware/BackendRouteInitialization.php(86): TYPO3\CMS\Backend\Middleware\BackendRouteInitialization::process
#14 /sysext/core/Classes/Http/MiddlewareDispatcher.php(172): Psr\Http\Server\RequestHandlerInterface@anonymous/server/data/www/apache2.2/mfc-corporate/releases/109/public/typo3/sysext/core/Classes/Http/MiddlewareDispatcher.php:138$267::handle
#13 /sysext/backend/Classes/Middleware/ForcedHttpsBackendRedirector.php(55): TYPO3\CMS\Backend\Middleware\ForcedHttpsBackendRedirector::process
#12 /sysext/core/Classes/Http/MiddlewareDispatcher.php(172): Psr\Http\Server\RequestHandlerInterface@anonymous/server/data/www/apache2.2/mfc-corporate/releases/109/public/typo3/sysext/core/Classes/Http/MiddlewareDispatcher.php:138$267::handle
#11 /sysext/backend/Classes/Middleware/LockedBackendGuard.php(75): TYPO3\CMS\Backend\Middleware\LockedBackendGuard::process
#10 /sysext/core/Classes/Http/MiddlewareDispatcher.php(172): Psr\Http\Server\RequestHandlerInterface@anonymous/server/data/www/apache2.2/mfc-corporate/releases/109/public/typo3/sysext/core/Classes/Http/MiddlewareDispatcher.php:138$267::handle
#9 /sysext/core/Classes/Middleware/NormalizedParamsAttribute.php(45): TYPO3\CMS\Core\Middleware\NormalizedParamsAttribute::process
#8 /sysext/core/Classes/Http/MiddlewareDispatcher.php(172): Psr\Http\Server\RequestHandlerInterface@anonymous/server/data/www/apache2.2/mfc-corporate/releases/109/public/typo3/sysext/core/Classes/Http/MiddlewareDispatcher.php:138$267::handle
#7 /sysext/core/Classes/Middleware/VerifyHostHeader.php(55): TYPO3\CMS\Core\Middleware\VerifyHostHeader::process
#6 /sysext/core/Classes/Http/MiddlewareDispatcher.php(172): Psr\Http\Server\RequestHandlerInterface@anonymous/server/data/www/apache2.2/mfc-corporate/releases/109/public/typo3/sysext/core/Classes/Http/MiddlewareDispatcher.php:138$267::handle
#5 /sysext/core/Classes/Http/MiddlewareDispatcher.php(78): TYPO3\CMS\Core\Http\MiddlewareDispatcher::handle
#4 /sysext/core/Classes/Http/AbstractApplication.php(86): TYPO3\CMS\Core\Http\AbstractApplication::handle
#3 /sysext/backend/Classes/Http/Application.php(72): TYPO3\CMS\Backend\Http\Application::handle
#2 /sysext/core/Classes/Http/AbstractApplication.php(100): TYPO3\CMS\Core\Http\AbstractApplication::run
#1 /index.php(20): {closure}
#0 /index.php(21): null

Furthermore, any attempt to view the page in the Frontend will lead to similar behaviour, as TYPO3\CMS\Frontend\ContentObject\ContentObjectRenderer::parseFunc makes use of the RteHtmlParser as well.


Related issues 1 (0 open, 1 closed)

Related to TYPO3 Core - Bug #93302: Pre-formatted text in RTE gets re-formatted when inside an ordered / unordered list (Closed, 2021-01-17)

Actions #1

Updated by Georg Ringer over 2 years ago

  • Related to Bug #93302: Pre-formatted text in RTE gets re-formatted when inside an ordered / unordered list added
Actions #2

Updated by Georg Ringer over 2 years ago

A quick fix would be to change the line into

$blockSplit[$k + 1] = preg_replace('/^[ ]*' . LF . '/', '', $blockSplit[$k + 1] ?? '');

but I am unsure if the resulting HTML is good enough for a patch or if more needs to be changed

<ol>
    <li>foo</li>
    <li>bar
    <ol>
    </ol>
    </li>
</ol>
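
The failure mode behind the "Undefined array key 2" warning, and the effect of the `??` guard quoted in the comment above, as an added PHP example that is not TYPO3's code. `splitBlocks()` and `transform()` are hypothetical stand-ins that assume the parser alternates text segments (even index) with block segments (odd index); the error handler mimics warnings being raised as exceptions, as in the stack trace.

```php
<?php
// Stand-in for an error handler that raises PHP warnings as exceptions.
set_error_handler(static function (int $no, string $msg, string $file, int $line) {
    throw new ErrorException($msg, 0, $no, $file, $line);
});

// Hypothetical splitter (not TYPO3's): even indexes hold text between
// blocks, odd indexes hold one top-level <ol> block.
function splitBlocks(string $html, string $tag = 'ol'): array
{
    $parts = [];
    $depth = 0;
    $buffer = '';
    foreach (preg_split("#(</?{$tag}>)#", $html, -1, PREG_SPLIT_DELIM_CAPTURE) as $token) {
        if ($token === "<{$tag}>") {
            if ($depth === 0) { $parts[] = $buffer; $buffer = ''; } // text before block
            $depth++;
            $buffer .= $token;
        } elseif ($token === "</{$tag}>" && $depth > 0) {
            $buffer .= $token;
            if (--$depth === 0) { $parts[] = $buffer; $buffer = ''; } // block closed
        } else {
            $buffer .= $token;
        }
    }
    // Well-formed input ends with trailing text (even index). An unclosed
    // block ends the array on an odd index with no element after it.
    $parts[] = $buffer;
    return $parts;
}

// Strips a leading blank line from the segment that follows each block.
function transform(array $blockSplit, bool $guarded): string
{
    foreach ($blockSplit as $k => $v) {
        if ($k % 2 === 1) {
            $next = $guarded ? ($blockSplit[$k + 1] ?? '') : $blockSplit[$k + 1];
            $blockSplit[$k + 1] = preg_replace('/^[ ]*' . "\n" . '/', '', $next);
        }
    }
    return implode('', $blockSplit);
}

$parts = splitBlocks('<ol><li>foo</li><li>bar</li><ol>'); // markup from the report
try {
    transform($parts, false);
} catch (ErrorException $e) {
    echo 'unguarded: ', $e->getMessage(), PHP_EOL;
}
echo 'guarded:   ', transform($parts, true), PHP_EOL;
```

The guard only removes the out-of-bounds read; the markup itself stays unbalanced, which is the open question raised in the comment.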

Actions #3

Updated by Benni Mack over 1 year ago

  • Sprint Focus set to Stabilization Sprint
Actions #4

Updated by Krzysztof Gutkowski over 1 year ago

I am unable to reproduce this on either v11, v12, or main.

CKEditor seems to fix the malformed HTML on frontend before it's saved to the database. However, when manually editing the database to contain said malformed HTML, the issue doesn't occur either.

Actions #5

Updated by Benni Mack over 1 year ago

  • Status changed from New to Needs Feedback
Actions #6

Updated by Riccardo De Contardi 10 months ago

I performed a test with TYPO3 11.5.34, 12.4.10 and latest main.

The test procedure is the same for all the environments:

1. Create a new page
2. create in it a content element, Type: "Regular Text Element", headline: "Test from Interface"
2.1. open it for editing, click on the "source code" of the bodytext field
2.2. paste in it the string

<ol><li>foo</li><li>bar</li><ol>

2.3. click again the RTE button "source code"; Save and close

3. create another content element, Type: "Regular Text Element", headline: "Test from Database", do not edit the bodytext field
3.1. Save and close it
4. reach on the database the tt_content record created on 3. and paste in the "bodytext" field the same content of point 2.2.
5. clear the frontend cache
6. view the FE page (on another browser) and inspect its HTML
7. on the backend, try to edit the content element created at point 2.
8. on the backend, try to edit the content element created at point 3.
8.1. save and close it
8.2. refresh the FE view and inspect its HTML again

Results

Points 7. and 8.: as far as I have seen, no crashes on the BE occur; the content elements are always editable.
The only differences I have seen are in the HTML code I've seen on the preview; I summed up everything in the following table:

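TYPO3 Version: 11.5.34

Source code on FE for element "Test from interface":

<ol>
    <li>foo</li>
    <li>bar
        <ol>     </ol>
    </li>
</ol>

It adds an empty element, but the HTML is correct

Source code on FE for element "Test from database" (before editing the element on the backend - point 6.):

<ol>
    <li>foo</li>
    <li>bar</li>
<ol>
</ol></ol>

HTML is wrong

Source code on FE for element "Test from database" (after editing the element on the backend - point 8.; 8.2):

<ol>
    <li>foo</li>
    <li>bar
        <ol>     </ol>
    </li>
</ol>

It becomes the content of 2.

TYPO3 Version: 12.4.10

Source code on FE for element "Test from interface":

<ol>
    <li>foo</li>
    <li>bar</li>
</ol>

No redundant empty elements

Source code on FE for element "Test from database" (before editing the element on the backend - point 6.):

<ol>
    <li>foo</li>
    <li>bar</li>
    <ol></ol>
</ol>

HTML is wrong

Source code on FE for element "Test from database" (after editing the element on the backend - point 8.; 8.2):

<ol>
    <li>foo</li>
    <li>bar</li>
</ol>

It becomes the content of 2.

TYPO3 Version: latest main

Source code on FE for element "Test from interface":

<ol>
    <li>foo</li>
    <li>bar</li>
</ol>

No redundant empty elements

Source code on FE for element "Test from database" (before editing the element on the backend - point 6.):

<ol>
    <li>foo</li>
    <li>bar</li>
    <ol></ol>
</ol>

HTML is wrong

Source code on FE for element "Test from database" (after editing the element on the backend - point 8.; 8.2):

<ol>
    <li>foo</li>
    <li>bar</li>
</ol>

It becomes the content of 2.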
Actions #7

Updated by Riccardo De Contardi 20 days ago · Edited

  • Status changed from Needs Feedback to Closed

With CKEditor 5's scrubbing before saving content this should not occur anymore, and v11 is now outside of free support.

Mangled HTML due to wrong initial input is something we can't easily auto-correct; CKEditor, though, allows recovering that markup in the editing process.

For these reasons and lack of feedback I guess it is safe to close this issue now.

If you think that this is the wrong decision, please reopen it or ping me and I'll happily do it.

Thank you
