Security Updates:

  • Fixed XSS vulnerability in the HTML parser reported by Maco Cortes.

    Issue summary: It was possible to execute XSS inside CKEditor after persuading the victim to: (i) switch CKEditor to source mode, then (ii) paste specially crafted HTML code, prepared by the attacker, into the opened CKEditor source area, and (iii) switch back to WYSIWYG mode.

An upgrade is highly recommended!

New Features:

Fixed Issues:

  • #12506: [Safari] Fixed: Cannot paste into inline editor if the page has user-select: none style. Thanks to shaohua!
  • #12683: Fixed: Filter fails to remove custom tags. Thanks to timselier!
  • #12489 and #12491: Fixed: Various issues related to restoring the selection after performing operations on filler character. See the fixed cases.
  • #12621: Fixed: Cannot remove inline styles (bold, italic, etc.) in empty lines.
  • #12630: [Chrome] Fixed: Selection is placed outside the paragraph when the New Page button is clicked. This patch significantly simplified how the initial selection (a selection after the content of the editable is overwritten) is fixed. That might have fixed many related scenarios in all browsers.
  • #11647: Fixed: The editor.blur event is not fired on first blur after initializing the inline editor on an already focused element.
  • #12601: Fixed: Strikethrough button tooltip spelling.
  • #12546: Fixed: The Preview tab in the Document Properties dialog window is always disabled.
  • #12300: Fixed: The editor.change event fired on first navigation key press after typing.
  • #12141: Fixed: List items are lost when indenting a list item with content wrapped with a block element.
  • #12515: Fixed: Cursor is in the wrong position when undoing after adding an image and typing some text.
  • #12484: [Blink/Webkit] Fixed: DOM is changed outside the editor area in a certain case.
  • #12688: Improved the tests of the styles system and fixed two minor issues.
  • #12403: Fixed: Changing the font style should not lead to nesting it in the previous style element.
  • #12609: Fixed: Incorrect config.magicline_putEverywhere name used for a Magic Line all-encompassing config.magicline_everywhere configuration option.


New Features:

Fixed Issues:

  • #12423: [Safari 7.1+] Fixed: Enter key moved cursor to a strange position.
  • #12381: [iOS] Fixed: Selection issue. Thanks to Remiremi!
  • #10804: Fixed: CKEDITOR_GETURL is not used with some plugins where it should be used. Thanks to Thomas Andraschko!
  • #9137: Fixed: The <base> tag is not created when <head> has an attribute. Thanks to naoki.fujikawa!
  • #12377: Fixed: Errors thrown in the Image plugin when removing preview from the dialog window definition. Thanks to Axinet!
  • #12162: Fixed: Auto paragraphing and Enter key in nested editables.
  • #12315: Fixed: Marked config.autoParagraph as deprecated.
  • #12113: Fixed: A code snippet should be presented in the elements path as "code snippet" (translatable).
  • #12311: Fixed: Remove Format should also remove <cite> elements.
  • #12261: Fixed: Filter has to be destroyed and removed from CKEDITOR.filter.instances on editor destroy.
  • #12398: Fixed: Maximize does not work on an instance without a title.
  • #12097: Fixed: JAWS not reading the number of options correctly in the Text Color and Background Color button menu.
  • #12411: Fixed: Page Break used directly in the editable breaks the editor.
  • #12354: Fixed: Various issues in undo manager when holding keys.
  • #12324: [IE8] Fixed: Undo steps are not recorded when changing the caret position by clicking below the body.
  • #12332: Fixed: Lowered DOM events listeners' priorities in undo manager in order to avoid ambiguity.
  • #12402: [Blink] Fixed: Workaround for Blink bug with document.title which breaks updating title in the full HTML mode.
  • #12338: Fixed: The CKEditor package contains unoptimized images.

 

Fixed Issues:

  • #12268: Cleanup of UI Color YUI styles. Thanks to CasherWest!
  • #12263: Fixed: Paste from Word filter does not properly normalize semicolons style text. Thanks to Alin Purcaru!
  • #12243: Fixed: Text formatting lost when pasting from Word. Thanks to Alin Purcaru!
  • #111739: Fixed: keypress listeners should not be used in the undo manager. A complete rewrite of keyboard handling in the undo manager was made. Numerous smaller issues were fixed, among others:
  • #10916: Fixed: Magic Line icon in Right-To-Left environments.
  • #11970: [IE] Fixed: CKEditor paste event is not fired when pasting with Shift+Ins.
  • #12111: Fixed: Linked image attributes are not read when opening the image dialog window by double-clicking.
  • #10030: [IE] Fixed: Prevented "Unspecified Error" thrown in various cases when IE8-9 does not allow access to document.activeElement.
  • #12273: Fixed: Applying block style in a description list breaks it.
  • #12218: Fixed: Minor syntax issue in CSS files.
  • #12178: [Blink/WebKit] Fixed: Iterator does not return the block if the selection is located at the end of it.
  • #12185: [IE9QM] Fixed: Error thrown when moving the mouse over focused editor's scrollbar.
  • #12215: Fixed: Basepath resolution does not recognize semicolon as a query separator.
  • #12135: Fixed: Remove Format does not work on widgets.
  • #12298: [IE11] Fixed: Clicking below <body> in Compatibility Mode will no longer reset selection to the first line.
  • #12204: Fixed: Editor's voice label is not affected by config.title.
  • #11915: Fixed: With SCAYT enabled, cursor moves to the beginning of the first highlighted, misspelled word after typing or pasting into the editor.
  • SCAYT: Fixed: Error thrown in the console after enabling SCAYT and trying to add a new image.

Other Changes:

  • #12296: Merged benderjs-ckeditor into the main CKEditor repository.

Security Updates:

  • Fixed XSS vulnerability in the Preview plugin reported by Mario Heiderich of Cure53.

An upgrade is highly recommended!

New Features:

  • #12164: Added the "Justify" option to the "Horizontal Alignment" drop-down in the Table Cell Properties dialog window.

Fixed Issues:

  • #12110: Fixed: Editor crash after deleting a table. Thanks to Alin Purcaru!
  • #11897: Fixed: Enter key used in an empty list item creates a new line instead of breaking the list. Thanks to noam-si!
  • #12140: Fixed: Double-clicking linked widgets opens two dialog windows.
  • #12132: Fixed: Image is inserted with width and height styles even when they are not allowed.
  • #9317: [IE] Fixed: config.disableObjectResizing does not work on IE. Note: We were not able to fix this issue on IE11+ because necessary events stopped working. See a last resort workaround and make sure to support our complaint to Microsoft.
  • #9638: Fixed: There should be no information about accessibility help available under the Alt+0 keyboard shortcut if the Accessibility Help plugin is not available.
  • #8117 and #9186: Fixed: In HTML5 <meta> tags should be allowed everywhere, including inside the <body> element.
  • #10422: Fixed: config.fillEmptyBlocks not working properly if a function is specified.

Important Notes:

The CKEditor testing environment is now publicly available. CKEditor tests can be found in the tests/ directory. Read more about how to set up the environment and execute tests in the CKEditor Testing Environment guide.

Please note that the "tests" folder is not available in release packages; it is available only in the development version of CKEditor on GitHub.

New Features:

Fixed Issues:

  • #11757: Fixed: Imperfections in the Moono skin. Thanks to danyaPostfactum!
  • #10091: Blockquote should be treated like an object by the styles system. Thanks to dan-james-deeson!
  • #11478: Fixed: Issue with passing jQuery objects to adapter configuration.
  • #10867: Fixed: Issue with setting encoded URI as image link.
  • #11983: Fixed: Clicking a nested widget does not focus it. Additionally, performance of the widget.repository.getByElement() method was improved.
  • #12000: Fixed: Nested widgets should be initialized on editor.setData() and nestedEditable.setData().
  • #12022: Fixed: Outer widget's drag handler is not created at all if it has any nested widgets inside.
  • #11960: [Blink/WebKit] Fixed: The caret should be scrolled into view on Backspace and Delete (covers only the merging blocks case).
  • #11306: [OSX][Blink/WebKit] Fixed: No widget entries in the context menu on widget right-click.
  • #11957: Fixed: Alignment labels in the Enhanced Image dialog window are not translated.
  • #11980: [Blink/WebKit] Fixed: <span> elements created when joining adjacent elements (non-collapsed selection).
  • #12009: [Nested widgets] Integration with the Magic Line plugin.
  • #11387: Fixed: role="radiogroup" should be applied only to radio inputs' container.
  • #7975: [IE8] Fixed: Errors when trying to select an empty table cell.
  • #11947: [Firefox+IE11] Fixed: Shift+Enter in lists produces two line breaks.
  • #11972: Fixed: Feature detection in the element.setText() method should not trigger the layout engine.
  • #7634: Fixed: The Flash Dialog plugin omits the allowFullScreen parameter in the editor data if set to true.
  • #11910: Fixed: Enhanced Image does not take config.baseHref into account when updating image dimensions.
  • #11753: Fixed: Wrong checkDirty() method value after focusing or blurring a widget.
  • #11830: Fixed: Impossible to pass some arguments to CKBuilder when using the /dev/builder/build.sh script.
  • #11945: Fixed: Form Elements plugin should not change a core method.
  • #11384: [IE9+] Fixed: IndexSizeError thrown when pasting into a non-empty selection anchored in one text node.