search

Woundorf / foxreplace

Replace text in webpages
https://addons.mozilla.org/firefox/addon/foxreplace/
GNU General Public License v3.0
90 stars 22 forks source link

HTML substitutions make iframes become empty #144

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
Hi,

I'm trying to use foxreplace with the Confluence wiki software to replace text 
in input boxes. Currently, using the 'replace with substitution list' option, 
eve when there is no text in the box applicable for a substitution, causes the 
box to become empty and unusable. Here is the html (from firebug) for the text 
entry div after I apply foxreplace (sorry for the formatting):

<div id="wysiwyg" style="width: 100%; height: 100%;"><div id="rte" class="cell 
editor-fullheight"><textarea id="wysiwygTextarea" class="hidden tinymce-editor" 
name="wysiwygContent" style="display: none;" 
aria-hidden="true"></textarea><iframe id="wysiwygTextarea_ifr" frameborder="0" 
src="javascript:""" allowtransparency="true" title="{#aria.rich_text_area}" 
style="width: 100%; height: 100%; display: block;" 
tabindex="100"></iframe></div></div><div id="wysiwyg" style="width: 100%; 
height: 100%;"> <div id="rte" class="cell editor-fullheight"> <textarea 
id="wysiwygTextarea" class="hidden tinymce-editor" name="wysiwygContent" 
style="display: none;" aria-hidden="true"></textarea> <iframe 
id="wysiwygTextarea_ifr" frameborder="0" src="javascript:""" 
allowtransparency="true" title="{#aria.rich_text_area}" style="width: 100%; 
height: 100%; display: block;" tabindex="100"> </iframe> </div> </div>

It looks as if the contents of the id="wysiwygTextarea_ifr" iframe are being 
lost when foxreplace does its work. I guess this could be some xss mitigation 
or similar thwarting me here. Any thoughts much appreciated. FFox 30.0 and 
foxreplace 0.16.1.

This is what the "wysiwyg" editor div looked like before running foxreplace 
(right at the bottom, you can see the text I entered - 'foo!'):

<div id="wysiwyg" style="width: 100%; height: 100%;">
<div id="rte" class="cell editor-fullheight">
<textarea id="wysiwygTextarea" class="hidden tinymce-editor" 
name="wysiwygContent" style="display: none;" aria-hidden="true"></textarea>
<iframe id="wysiwygTextarea_ifr" frameborder="0" src="javascript:""" 
allowtransparency="true" title="{#aria.rich_text_area}" style="width: 100%; 
height: 100%; display: block;" tabindex="100">
<!DOCTYPE html>
<html>
<head xmlns="http://www.w3.org/1999/xhtml">
<base href="https://www.wiki.ed.ac.uk">
<meta content="IE=7" http-equiv="X-UA-Compatible">
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<link media="all" 
href="/s/en_GB-1988229788/4252/6ac85e9b14675c5514a674e1aecae99c9505ed36.7/1.0/_/
download/batch/confluence.web.resources:panel-styles/confluence.web.resources:pa
nel-styles.css" rel="stylesheet" type="text/css">
<link media="all" 
href="/s/en_GB-1988229788/4252/6ac85e9b14675c5514a674e1aecae99c9505ed36.7/1.0/_/
download/batch/confluence.web.resources:content-styles/confluence.web.resources:
content-styles.css" rel="stylesheet" type="text/css">
<link media="all" 
href="/s/en_GB-1988229788/4252/6ac85e9b14675c5514a674e1aecae99c9505ed36.7/1.0/_/
download/batch/confluence.web.resources:panel-styles/confluence.web.resources:pa
nel-styles.css" rel="stylesheet" type="text/css">
<link media="all" 
href="/s/en_GB-1988229788/4252/6ac85e9b14675c5514a674e1aecae99c9505ed36.7/5.0/_/
download/batch/com.atlassian.auiplugin:aui-experimental-page-layout-typography/c
om.atlassian.auiplugin:aui-experimental-page-layout-typography.css" 
rel="stylesheet" type="text/css">
<link media="all" 
href="/s/en_GB-1988229788/4252/6ac85e9b14675c5514a674e1aecae99c9505ed36.7/5.0/_/
download/batch/com.atlassian.auiplugin:aui-experimental-avatars/com.atlassian.au
iplugin:aui-experimental-avatars.css" rel="stylesheet" type="text/css">
<link media="all" 
href="/s/en_GB-1988229788/4252/6ac85e9b14675c5514a674e1aecae99c9505ed36.7/5.0/_/
download/batch/com.atlassian.auiplugin:aui-experimental-page-layout/com.atlassia
n.auiplugin:aui-experimental-page-layout.css" rel="stylesheet" type="text/css">
<link media="all" 
href="/s/en_GB-1988229788/4252/6ac85e9b14675c5514a674e1aecae99c9505ed36.7/5.1.5/
_/download/batch/com.atlassian.confluence.editor:editor-content-styles/com.atlas
sian.confluence.editor:editor-content-styles.css" rel="stylesheet" 
type="text/css">
<link media="all" 
href="/s/en_GB-1988229788/4252/6ac85e9b14675c5514a674e1aecae99c9505ed36.7/5.0/_/
download/batch/com.atlassian.auiplugin:aui-experimental-lozenge/com.atlassian.au
iplugin:aui-experimental-lozenge.css" rel="stylesheet" type="text/css">
<link media="all" 
href="/s/en_GB-1988229788/4252/6ac85e9b14675c5514a674e1aecae99c9505ed36.7/2.12/_
/download/batch/com.atlassian.confluence.plugins.status-macro:view_content_statu
s/com.atlassian.confluence.plugins.status-macro:view_content_status.css" 
rel="stylesheet" type="text/css">
<link media="all" 
href="/s/en_GB-1988229788/4252/6ac85e9b14675c5514a674e1aecae99c9505ed36.7/2.12/_
/download/batch/com.atlassian.confluence.plugins.status-macro:editor_content_sta
tus/com.atlassian.confluence.plugins.status-macro:editor_content_status.css" 
rel="stylesheet" type="text/css">
<link media="all" 
href="/s/en_GB-1988229788/4252/6ac85e9b14675c5514a674e1aecae99c9505ed36.7/5.1.5/
_/download/batch/com.atlassian.confluence.plugins.confluence-templates:variable-
editor-content-styles/com.atlassian.confluence.plugins.confluence-templates:vari
able-editor-content-styles.css" rel="stylesheet" type="text/css">
<link media="all" 
href="/s/en_GB-1988229788/4252/6ac85e9b14675c5514a674e1aecae99c9505ed36.7/3.6.5/
_/download/batch/confluence.extra.attachments:attachments-css/confluence.extra.a
ttachments:attachments-css.css" rel="stylesheet" type="text/css">
<link media="all" 
href="/s/en_GB-1988229788/4252/6ac85e9b14675c5514a674e1aecae99c9505ed36.7/5.1.5/
_/download/batch/com.atlassian.confluence.plugins.confluence-inline-tasks:inline
-tasks-styles/com.atlassian.confluence.plugins.confluence-inline-tasks:inline-ta
sks-styles.css" rel="stylesheet" type="text/css">
<link media="all" 
href="/s/en_GB-1988229788/4252/6ac85e9b14675c5514a674e1aecae99c9505ed36.7/2.6.0/
_/download/batch/nl.avisi.confluence.plugins.numberedheadings:nh-tinymce-css-res
ources/nl.avisi.confluence.plugins.numberedheadings:nh-tinymce-css-resources.css
" rel="stylesheet" type="text/css">
<link media="all" 
href="/s/en_GB-1988229788/4252/6ac85e9b14675c5514a674e1aecae99c9505ed36.7/19/_/s
tyles/colors.css?spaceKey=ECAITTeam" rel="stylesheet" type="text/css">
<link media="all" 
href="/s/en_GB-1988229788/4252/6ac85e9b14675c5514a674e1aecae99c9505ed36.7/5.1.5/
_/download/resources/com.atlassian.confluence.plugins.doctheme:documentation/def
ault-theme.css" rel="stylesheet" type="text/css">
<link media="all" 
href="/s/en_GB-1988229788/4252/6ac85e9b14675c5514a674e1aecae99c9505ed36.7/5.1.5/
_/download/resources/com.atlassian.confluence.plugins.doctheme:documentation/doc
-theme.css" rel="stylesheet" type="text/css">
<link media="all" 
href="/s/en_GB-1988229788/4252/6ac85e9b14675c5514a674e1aecae99c9505ed36.7/5.1.5/
_/download/resources/com.atlassian.confluence.plugins.doctheme:documentation/spl
itter.css" rel="stylesheet" type="text/css">
<style type="text/css">
</head>
<body id="tinymce" class="mceContentBody aui-theme-default wiki-content 
fullsize" contenteditable="true" 
onload="window.parent.tinyMCE.get('wysiwygTextarea').onLoad.dispatch();" 
dir="ltr">
<p>
foo!
<br data-mce-bogus="1">
</p>
</body>
</html>
</iframe>
</div>
</div>

Original issue reported on code.google.com by iWal...@gmail.com on 12 Jul 2014 at 5:42

GoogleCodeExporter commented 9 years ago 
Hi, thanks for the report. I have reproduced the issue in 
https://demo.stiltsoft.com/pages/editpage.action?pageId=589838 with a random 
HTML substitution. It's also reproducible in 
http://www.w3schools.com/tags/tryit.asp?filename=tryhtml_iframe. It seams that 
iframes are not well supported when using HTML substitutions, so I'll change to 
summary to reflect this.

It may be related to issue 81.

Original comment by marc.r...@gmail.com on 12 Jul 2014 at 2:02

Woundorf commented 6 years ago

I have reproduced the issue in https://demo.stiltsoft.com/pages/editpage.action?pageId=589838 with a random HTML substitution. It's also reproducible in http://www.w3schools.com/tags/tryit.asp?filename=tryhtml_iframe. It seams that iframes are not well supported when using HTML substitutions, so I'll change to summary to reflect this.

Now it works correctly in the W3Schools example, but continues breaking the Confluence example if using HTML in the input and the output.