CK editor fields are populated with Memcache stats

Would it be possible to get some screenshots of this bug in action? I'm not able to reproduce, but something about iframes and CKEditor makes this seem like an issue that could happen.

Also, what version of CKEditor are you using?

Ok, I'm getting it too. Here's what's happening - CKEditor makes an ajax call to an endpoint - /ckeditor/xss - for each field that it handles in the node edit form. That endpoint accepts what is in the form field as well as an XSS token and returns a response which is basically the same HTML. If Memcache stats is turned on and accessible by the current user, it also appends the statistics to the response which is what makes it show up in the CKEditor screen.

I think this is actually a bug between these two modules, not necessarily just one or the other. Did you file an issue on the CKEditor issue about this as well? I think the fix might be in there instead of in this module. I'm going to keep digging on this, because what I'm supposed to be working on right now is no fun...

For some reason CKEditor doesn't have a content-type header at the moment that the XSS callback passes through memcache_admin_shutdown(), so it misses the check that would otherwise prevent this bug.

Not 100% sure why that is, nor that this is the exactly right way to fix it. It works though, so I'd appreciate some feedback from someone.

Hi, my boss just caught this bug out in production on one of our sites. Any chance of getting this reviewed and/or rolled in?

I'm unable to duplicate, but it doesn't seem to cause any regressions either. Moved into an else, committed.