Editor redirects/opens non-whitelisted images instead of uploading as non-image

Xon

Well-known member
Affected version
2.2.9
When the Froala editor handles a non-whitelisted image via drag & drop it will redirect to that image instead of uploading it as a non-image. There is no error messages or warnings, just very unexpected behavior.

While "attach files" works as expected.

An example of this is an SVG being dragged onto the editor.

The problem appears to be in the file.min.js plugin:
JavaScript:
        function D(a) {
            var d = a.originalEvent.dataTransfer;
            if (d && d.files && d.files.length) {
                var g = d.files[0];
                if (g && "undefined" !== typeof g.type) {
                    if (0 > g.type.indexOf("image")) {
                        if (!b.opts.fileUpload)
...
        function ta(b) {
            var a = b.originalEvent.dataTransfer;
            if (a && a.files && a.files.length) {
                var d = a.files[0];
                if (d && d.type && -1 !== d.type.indexOf("image") && 0 <= c.opts.imageAllowedTypes.indexOf(d.type.replace(/image\//g, ""))) {
                    if (!c.opts.imageUpload)
                        return b.preventDefault(),
                        b.stopPropagation(),
                        !1;
SVG's have the mime-type "image/svg+xml", so indexOf returns 0. But the first function handles non-image uploads while the second one handles only whitelisted images. This means non-whitelisted images are handled incorrectly, and result in the browser opening the image instead of uploading it as a file.
 
Back
Top Bottom