Fixed XSS vulnerability in the HTML data processor reported by Michał Bentkowski of Securitum.
Issue summary: It was possible to execute XSS inside CKEditor after persuading the victim to: (i) switch CKEditor to source mode, then (ii) paste a specially crafted HTML code, prepared by the attacker, into the opened CKEditor source area, and (iii) switch back to WYSIWYG mode or (i) copy the specially crafted HTML code, prepared by the attacker and (ii) paste it into CKEditor in WYSIWYG mode.
Fixed XSS vulnerability in the WebSpellChecker plugin reported by Pham Van Khanh from Viettel Cyber Security.
Issue summary: It was possible to execute XSS using CKEditor after persuading the victim to: (i) switch CKEditor to source mode, then (ii) paste a specially crafted HTML code, prepared by the attacker, into the opened CKEditor source area, then (iii) switch back to WYSIWYG mode, and (iv) preview CKEditor content outside CKEditor editable area.
An upgrade is highly recommended!
New features:
#2374: Added support for pasting rich content from LibreOffice Writer with the Paste from LibreOffice plugin.
#2583: Changed emoji suggestion box to show the matched emoji name instead of an ID.
#3748: Improved the color button state to reflect the selected editor content colors.
#3661: Improved the Print plugin to respect styling rendered by the Preview plugin.
#3547: Active dialog tab now has the aria-selected="true" attribute.
#875: Fixed: Pasting inside the editor that contains a table with the Table Selection plugin after selecting all content replaces only the table element instead of the entire content.
#3415: [Firefox] Fixed: Pasting individual list elements fails. Thanks to Jack Wickham!
#3413: Fixed: Menu items with labels containing double quotes are rendered incorrectly.
#3475: [Firefox] Fixed: Pasting plain text over existing content fails and throws an error.
#2027: Fixed: Incorrect email display text after reopening the Link dialog for display names starting with @.
#3544: Fixed: The Special Characters dialog read incorrectly by screen readers due to empty table cells at the end.
#1469: Fixed: Trying to get data from a nested editable inside a freshly pasted widget throws an error.
#2235: Fixed: An Image in a table cell has an empty URL field when edited from the context menu opened by right-click when the Table Selection plugin is in use.
#3098: Fixed: Unit pickers for table cell width and height in the Table Tools plugin have a different width.
#2748: Enhanced error messages thrown when creating an editor on a non-existent element or when trying to instantiate the second editor on the same element. Thanks to Byran Zaugg!
#2403: Fixed: Styling inline editor initialized inside a table with the Table Selection plugin is causing style leaks.
#2514: Fixed: Pasting table data into inline editor initialized inside a table with the Table Selection plugin inserts pasted content into the wrapping table.