- Affected version
- 2.2.9
When the Froala editor handles a non-whitelisted image via drag & drop it will redirect to that image instead of uploading it as a non-image. There is no error messages or warnings, just very unexpected behavior.
While "attach files" works as expected.
An example of this is an SVG being dragged onto the editor.
The problem appears to be in the file.min.js plugin:
SVG's have the mime-type "image/svg+xml", so indexOf returns 0. But the first function handles non-image uploads while the second one handles only whitelisted images. This means non-whitelisted images are handled incorrectly, and result in the browser opening the image instead of uploading it as a file.
While "attach files" works as expected.
An example of this is an SVG being dragged onto the editor.
The problem appears to be in the file.min.js plugin:
JavaScript:
function D(a) {
var d = a.originalEvent.dataTransfer;
if (d && d.files && d.files.length) {
var g = d.files[0];
if (g && "undefined" !== typeof g.type) {
if (0 > g.type.indexOf("image")) {
if (!b.opts.fileUpload)
...
function ta(b) {
var a = b.originalEvent.dataTransfer;
if (a && a.files && a.files.length) {
var d = a.files[0];
if (d && d.type && -1 !== d.type.indexOf("image") && 0 <= c.opts.imageAllowedTypes.indexOf(d.type.replace(/image\//g, ""))) {
if (!c.opts.imageUpload)
return b.preventDefault(),
b.stopPropagation(),
!1;