Added cloneId arguments to the above methods, range.splitBlock() and element.breakParent(). Mind the default values and special behavior in the extractContents() method!
Fixed issues where IDs were lost on copy&paste and drag&drop.
Toolbar configurators:
#13185: Fixed: Wrong position of the suggestion box if there is not enough space below the caret.
#13138: Fixed: The "Toggle empty elements" button label is unclear.
#13136: Fixed: Autocompleter is far too intrusive.
Issue summary: It was possible to execute XSS inside CKEditor after persuading the victim to: (i) switch CKEditor to source mode, then (ii) paste a specially crafted HTML code, prepared by the attacker, into the opened CKEditor source area, and (iii) switch back to WYSIWYG mode.
#13351: Fixed: Link lost when editing a linked image with the Link tab disabled. This also fixed a bug when inserting an image into a fully selected link would throw an error (#12847).
#13344: [WebKit/Blink] Fixed: It is possible to remove or change editor content in read-only mode.
#12930: Because of licensing issues, truncated-mathjax/ is now removed from the tests/ directory. Nowbender.config.mathJaxLibPath must be configured manually in order to run Mathematical Formulas plugin tests.
Clipboard (copy&paste, drag&drop) and file uploading features and improvements (#11437).
Major features:
Support for dropping and pasting files into the editor was introduced. Through a set of new facades for native APIs it is now possible to easily intercept and process inserted files.
File upload tools were introduced in order to simplify controlling the loading, uploading and handling server response, properly handle new upload configuration options, etc.
Image upload widget was introduced to upload dropped images. A base class for the upload widget was exposed, too, to make it simple to create new types of upload widgets which can handle any type of dropped file, show the upload progress and update the content when the process is done. It also handles editing and undo/redo operations when a file is being uploaded and integrates with the notification aggregator to show progress and success or error.
All drag and drop operations were integrated with the editor. All dropped content is passed through the editor#paste event and a set of new editor events was introduced — dragstart, drop, dragend.
The Data Transfer facade was introduced to unify access to data in various types and files. Data Transfer is now always available in the editor#paste event.
Switched from the pastebin to using the native clipboard access whenever possible. This solved many issues related to pastebin such as unnecessary scrolling or data loss. Additionally, on copy and cut from the editor the clipboard data is set. Therefore, on paste the editor has access to clean data, undisturbed by the browsers.
Drag and drop of inline and block widgets was integrated with the standard clipboard APIs. By listening to drag events you will thus be notified about widgets, too. This opens a possibility to filter pasted and dropped widgets.
The editor#paste event can have the range parameter so it is possible to change the paste position in the listener or paste in the not selectable position. Also the editor.insertHtml() method now accepts range as an additional parameter.
#11621: A configurable paste filter was introduced. The filter is by default turned to 'semantic-content' on Webkit and Blink for all pasted content coming from external sources because of the low quality of HTML that these engines put into the clipboard. Internal and cross-editor paste is safe due to the change explained in the previous point.
Other changes and related fixes:
#12095: On drag and copy of widgets the same method is used to get selected HTML as in the normal case. Thanks to that styles applied to inline widgets are not lost.
File APIs needed to operate and file upload is not supported in Internet Explorer 9 and below.
Only Chrome and Safari on Mac OS support setting custom data items in the clipboard, so currently it is possible to recognize the origin of the copied content in these browsers only. All drag and drop operations can be identified thanks to the new Data Transfer facade.
No Internet Explorer browser supports the standard clipboard API which results in small glitches like where only plain text can be dropped from outside the editor. Thanks to the new Data Transfer facade, internal and cross-editor drag and drop supports the full range of data.
Direct access to clipboard could only be implemented in Chrome, Safari on Mac OS, Opera and Firefox. In other browsers the pastebin must still be used.
The old set of samples shipped with every CKEditor package was replaced with a shiny new single-page sample. This change concluded a long term plan which started from introducing the CKEditor SDK and CKEditor Functionality Overview section in the documentation which essentially redefined the old samples.
Toolbar configurators with live previews were introduced. They will be shipped with every CKEditor package and are meant to help in configuring toolbar layouts.
#10931: Added support for nesting widgets. It is now possible to insert one widget into another widget's nested editable. Note that unless nested editable's allowed content is defined precisely, starting from CKEditor 4.5 some widget buttons may become enabled. This feature is not supported in IE8. Included issues:
#12018: Fixed and reviewed: Nested widgets garbage collection.
#12024: [Firefox] Fixed: Outline is extended to the left by unpositioned drag handlers.
#12006: Fixed: Drag and drop of nested block widgets.
#12008: Fixed various cases of inserting a single non-editable element using the editor.insertHtml() method. Fixes pasting a widget with a nested editable inside another widget's nested editable.
#10986: Added support for changing dialog input and textarea text directions by using the Shift+Alt+Home/End keystrokes. The direction is stored in the value of the input by prepending the \u202A or \u202B marker to it. Read more in the documentation. Thanks to edithkk!
#11583: Added support for the HTML5 required attribute in various form elements. Thanks to Steven Busse!
Changes:
#12858: Basic Spartan browser compatibility. Full compatibility will be introduced later, because at the moment Spartan is still too unstable to be used for tests and we see many changes from version to version.
#13069: Fixed inconsistencies between editable.insertHtml() and editable.insertElement() when the range parameter is used. Now, the editor.insertElement() method works on a higher level, what means that it saves undo snapshots and sets selection after insertion. Use the editable.insertElementIntoRange() method directly for the pre 4.5.0 behavior of editable.insertElement().
#12870: Use editor.showNotification() instead of alert() directly whenever possible. When the notification plugin is loaded the notifications system is used automatically. Otherwise, the native alert() is displayed.
#8024: Swapped behavior of the Split Cell Vertically and Horizontally features to be more intuitive. Thanks to kevinisagit!
#10903: Performance improvements for the dom.element.addClass(), dom.element.removeClass() and dom.element.hasClass() methods. Note: The previous implementation allowed passing multiple classes to addClass() although it was only a side effect of that implementation. The new implementation does not allow this.
#11856: jQuery adapter throw a meaningful error if CKEditor or jQuery is not loaded.
#12825: Fixed: Preventing the Table Resize plugin from operating on elements outside the editor. Thanks to Paul Martin!
#12157: Fixed: Lost text formatting on pressing Tab when the config.tabSpaces configuration option value was greater than zero.
#12777: Fixed: The table-layout CSS property should be reset by skins. Thanks to vita10gy!
#12812: Fixed: An uncaught security exception is thrown when Line Utilities are used in an inline editor loaded in a cross-domain iframe. Thanks to Vitaliy Zurian!
Fixed XSS vulnerability in the HTML parser reported by Maco Cortes.
Issue summary: It was possible to execute XSS inside CKEditor after persuading the victim to: (i) switch CKEditor to source mode, then (ii) paste a specially crafted HTML code, prepared by the attacker, into the opened CKEditor source area, and (iii) switch back to WYSIWYG mode.
#12630: [Chrome] Fixed: Selection is placed outside the paragraph when the New Page button is clicked. This patch significantly simplified the way how the initial selection (a selection after the content of the editable is overwritten) is being fixed. That might have fixed many related scenarios in all browsers.
#11647: Fixed: The editor.blur event is not fired on first blur after initializing the inline editor on an already focused element.
#12263: Fixed: Paste from Word filter does not properly normalize semicolons style text. Thanks to Alin Purcaru!
#12243: Fixed: Text formatting lost when pasting from Word. Thanks to Alin Purcaru!
#111739: Fixed: keypress listeners should not be used in the undo manager. A complete rewrite of keyboard handling in the undo manager was made. Numerous smaller issues were fixed, among others:
#10926: [Chrome@Android] Fixed: Typing does not record snapshots and does not fire the editor.change event.
#11611: [Firefox] Fixed: The editor.change event is fired when pressing Arrow keys.
#12219: [Safari] Fixed: Some modifications of the UndoManager.locked property violate strict mode in the Undoplugin.
#9638: Fixed: There should be no information about accessibility help available under the Alt+0 keyboard shortcut if theAccessibility Help plugin is not available.
#8117 and #9186: Fixed: In HTML5 <meta> tags should be allowed everywhere, including inside the <body> element.
The CKEditor testing environment is now publicly available. CKEditor tests can be found in the tests/ directory. Read more about how to set up the environment and execute tests in the CKEditor Testing Environment guide.
Please note that the "tests" folder is not available in release packages, it is available only in the development version of CKEditor available on GitHub.
New Features:
#11909: Introduced a parameter to prevent the editor.setData() method from recording undo snapshots.