I tested the http:BL plugin by editing the statements in function httpbl_check() to simulate a greylist and blacklist IP. The generated messages did not show the replacements for %ipurl and %whitelisturl but resolved to /%25ipurl and /httpbl/%25writelisturl. Switching to source editing of the messages in http:BL 'Advanced' settings did not resolve the problem.
I fixed the problem by excluding admin/settings/httpbl.edit-httpbl-message-* in the CKeditor Global Profile. CKeditor had already replaced the % symbols with %25 - I edited the message to restore the 'bare' %.
Comments
Comment #1
Michael-IDA commented:
This is a CKeditor problem????
Throw it back, with a reason why, if you don't feel so.
Best,
Sam
Comment #2
mkesicki commented:
@nhoeller,
please write steps to reproduce your issue. CKEditor should not change % to %25.
You can check this on http://ckeditor.com/demo.
Please check what filters you use in the input format on nodes where you have problems. Please check if %25 shows in the CKEditor source code before saving the node or after saving it.
Comment #3
nhoeller commented:
@Sam-Inet, my mistake - I intended to post this to the http:bl forum but clearly had a 'brain-check'.
@michal_cksource, good point about other filters - I am running HTMLPurifier which could very well be 'escaping' certain characters in the URL. Too many 'moving parts' (:-). I am in the midst of a bunch of Drupal module upgrades and will confirm after that.
Comment #4
Michael-IDA commented:
Hi Norbert (@nhoeller),
No, I moved it from http:BL to CKEditor, as it didn't seem possible for http:BL to cause this kind of problem.
And based upon what michal (@michal_cksource) is saying it probably needs to be moved to HTMLPurifier (or at least somewhere other than CKEditor).
Best All,
Sam
Comment #5
mkesicki commented
Comment #6
nhoeller commented:
The 'problem' appears to be HTML Purifier. My default input filter includes HTML Purifier. I also have a Full HTML filter that does not include HTML Purifier. I created a page, enabled Full HTML, switched to plain text editing and entered:
This is %outside of a link. This is <a href="%inside">inside a link</a>
After saving, re-editing and displaying the source, the only changes are the paragraph tags around the text. However, if I enable the default input format that includes HTML Purifier and repeat the steps, the source displays as:
<p>This is %outside of a link. This is <a href="%25inside">inside a link</a></p>
Note that only the % within the link reference was modified. I suspect that HTML Purifier is 'working as designed' to prevent malicious content appearing in a link reference.
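The behaviour reported in comment #6, modelled as an added example that is not part of the thread and is not HTML Purifier's or http:BL's own code: a filter that percent-encodes any % that does not start a valid two-hex-digit escape, but only inside URI attributes. The rule, the URI_ATTRS set and the helper names are assumptions made for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

# Assumed rule: a '%' not followed by two hex digits is not a valid escape.
_BARE_PERCENT = re.compile(r"%(?![0-9A-Fa-f]{2})")
URI_ATTRS = {"href", "src"}  # assumption: attributes treated as URIs

def normalize_percent(uri):
    """Encode each malformed '%' as '%25'; valid escapes are left alone."""
    return _BARE_PERCENT.sub("%25", uri)

class UriNormalizer(HTMLParser):
    """Re-emit markup, rewriting only the values of URI attributes."""
    def __init__(self):
        super().__init__()  # character references in text arrive decoded
        self.out = []

    def handle_starttag(self, tag, attrs):
        parts = [tag]
        for name, value in attrs:
            if value is None:  # bare attribute such as "disabled"
                parts.append(name)
                continue
            if name in URI_ATTRS:
                value = normalize_percent(value)
            parts.append('%s="%s"' % (name, escape(value, quote=True)))
        self.out.append("<%s>" % " ".join(parts))

    def handle_endtag(self, tag):
        self.out.append("</%s>" % tag)

    def handle_data(self, data):
        # Text is not a URI, so '%' stays as typed; only re-escape markup chars.
        self.out.append(escape(data, quote=False))

def filter_markup(markup):
    parser = UriNormalizer()
    parser.feed(markup)
    parser.close()
    return "".join(parser.out)

def surviving_tokens(template, tokens):
    """Return the placeholder tokens still present verbatim after filtering."""
    return [t for t in tokens if t in filter_markup(template)]

# Constructed sample: the markup entered in comment #6.
SAMPLE = 'This is %outside of a link. This is <a href="%inside">inside a link</a>'

if __name__ == "__main__":
    print(filter_markup(SAMPLE))
```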