Fixed Issues:

  • #13609: [Edge] Fixed: The browser crashes when switching to the source mode. Thanks to Andrew Williams and Mark Smeed!
  • PR#201: Fixed: Buttons in the toolbar configurator cause form submission. Thanks to colemanw!
  • #13422: Fixed: A monospaced font should be used in the <textarea> element storing editor configuration in the toolbar configurator.
  • #13494: Fixed: Error thrown in the toolbar configurator if plugin requirements are not met.
  • #13409: Fixed: List elements incorrectly merged when pressing Backspace or Delete.
  • #13434: Fixed: Dialog state indicator broken in Right–To–Left environments.
  • #13460: [IE8] Fixed: Copying inline widgets is broken when Advanced Content Filter is disabled.
  • #13495: [Firefox, IE] Fixed: Text is not word-wrapped in the Paste dialog window.
  • #13528: [Firefox@Windows] Fixed: Content copied from Microsoft Word and other external applications is pasted as a plain text. Removed the CKEDITOR.plugins.clipboard.isHtmlInExternalDataTransfer property as the check must be dynamic.
  • #13583: Fixed: DataTransfer.getData() should work consistently in all browsers and should not strip valuable content. Fixed pasting tables from Microsoft Excel on Chrome.
  • #13468: [IE] Fixed: Binding drag&drop dataTransfer does not work if text data was set in the meantime.
  • #13451: [IE8-9] Fixed: One drag&drop operation may affect following ones.
  • #13184: Fixed: Web page reloaded after a drop on editor UI.
  • #13129 Fixed: Block widget blurred after a drop followed by an undo.
  • #13397: Fixed: Drag&drop of a widget inside its nested widget crashes the editor.
  • #13385: Fixed: editor.getSnapshot() may return a non-string value.
  • #13419: Fixed: The Auto Link plugin does not encode double quotes in URLs.
  • #13420: Fixed: The Auto Embed plugin ignores encoded characters in URL parameters.
  • #13410: Fixed: Error thrown in the Auto Embed plugin when undoing right after pasting a link.
  • #13566: Fixed: Suppressed notifications in the Media Embed Base plugin.
  • #11616: [Chrome] Fixed: Resizing the editor while it is not displayed breaks the editable. Fixes also #9160 and#9715.
  • #11376: [IE11] Fixed: Loss of text when pasting bulleted lists from Microsoft Word.
  • #13143: [Edge] Fixed: Focus lost when opening the panel.
  • #13387: [Edge] Fixed: "Permission denied" error thrown when loading the editor with developer tools open.
  • #13574: [Edge] Fixed: "Permission denied" error thrown when opening editor dialog windows.
  • #13441: [Edge] Fixed: The Clipboard plugin breaks the state of Undo commands after a paste.
  • #13554: [Edge] Fixed: Paste dialog's iframe does not receive focus on show.
  • #13440: [Edge] Fixed: Unable to paste a widget.

Other Changes:

Fixed Issues:

  • #13486: Fixed: The Upload Image plugin should log an error, not throw an error when upload URL is not set.

New Features:

Fixed Issues:

  • #13334: Fixed: Error after nesting widgets and playing with undo/redo.
  • #13118: Fixed: The editor.getSelectedHtml() method throws an error when called in the source mode.
  • #13158: Fixed: Error after canceling a dialog when creating a widget.
  • #13197: Fixed: Linked inline Enhanced Image alignment class is not transferred to the widget wrapper.
  • #13199: Fixed: Semantic Embed does not support widget classes.
  • #13003: Fixed: Anchors are uploaded when moving them by drag and drop.
  • #13032: Fixed: When upload is done, notification update should be marked as important.
  • #13300: Fixed: The internalCommit argument in the Image dialog seems to be never used.
  • #13036: Fixed: Notifications are moved 10px to the right.
  • #13280: [IE8] Fixed: Undo after inline widget drag&drop throws an error.
  • #13186: Fixed: Content dropped into a nested editable is not filtered by Advanced Content Filter.
  • #13140: Fixed: Error thrown when dropping a block widget right after itself.
  • #13176: [IE8] Fixed: Errors on drag&drop of embed widgets.
  • #13015: Fixed: Dropping an image file on Enhanced Image causes a page reload.
  • #13080: Fixed: Ugly notification shown when the response contains HTML content.
  • #13011: [IE8] Fixed: Anchors are duplicated on drag&drop in specific locations.
  • #13105: Fixed: Various issues related to CKEDITOR.tools.htmlEncode() and CKEDITOR.tools.htmlDecode()methods.
  • #11976: [Chrome] Fixed: Copy&paste and drag&drop lists from Microsoft Word.
  • #13128: Fixed: Various issues with cloning element IDs:
  • Toolbar configurators:
    • #13185: Fixed: Wrong position of the suggestion box if there is not enough space below the caret.
    • #13138: Fixed: The "Toggle empty elements" button label is unclear.
    • #13136: Fixed: Autocompleter is far too intrusive.
    • #13133: Fixed: Tab leaves the editor.
    • #13173: Fixed: config.removeButtons is ignored by the advanced toolbar configurator.

Other Changes:

Security Updates:

  • Fixed XSS vulnerability in the HTML parser reported by Dheeraj Joshi and Prem Kumar.

    Issue summary: It was possible to execute XSS inside CKEditor after persuading the victim to: (i) switch CKEditor to source mode, then (ii) paste a specially crafted HTML code, prepared by the attacker, into the opened CKEditor source area, and (iii) switch back to WYSIWYG mode.

An upgrade is highly recommended!

Fixed Issues:

Other Changes:

New Features:

  • Clipboard (copy&paste, drag&drop) and file uploading features and improvements (#11437).

    • Major features:

      • Support for dropping and pasting files into the editor was introduced. Through a set of new facades for native APIs it is now possible to easily intercept and process inserted files.
      • File upload tools were introduced in order to simplify controlling the loading, uploading and handling server response, properly handle new upload configuration options, etc.
      • Image upload widget was introduced to upload dropped images. A base class for the upload widget was exposed, too, to make it simple to create new types of upload widgets which can handle any type of dropped file, show the upload progress and update the content when the process is done. It also handles editing and undo/redo operations when a file is being uploaded and integrates with the notification aggregator to show progress and success or error.
      • All drag and drop operations were integrated with the editor. All dropped content is passed through the editor#paste event and a set of new editor events was introduced — dragstart, drop, dragend.
      • The Data Transfer facade was introduced to unify access to data in various types and files. Data Transfer is now always available in the editor#paste event.
      • Switched from the pastebin to using the native clipboard access whenever possible. This solved many issues related to pastebin such as unnecessary scrolling or data loss. Additionally, on copy and cut from the editor the clipboard data is set. Therefore, on paste the editor has access to clean data, undisturbed by the browsers.
      • Drag and drop of inline and block widgets was integrated with the standard clipboard APIs. By listening to drag events you will thus be notified about widgets, too. This opens a possibility to filter pasted and dropped widgets.
      • The editor#paste event can have the range parameter so it is possible to change the paste position in the listener or paste in the not selectable position. Also the editor.insertHtml() method now accepts range as an additional parameter.
      • #11621: A configurable paste filter was introduced. The filter is by default turned to 'semantic-content' on Webkit and Blink for all pasted content coming from external sources because of the low quality of HTML that these engines put into the clipboard. Internal and cross-editor paste is safe due to the change explained in the previous point.
    • Other changes and related fixes:

      • #12095: On drag and copy of widgets the same method is used to get selected HTML as in the normal case. Thanks to that styles applied to inline widgets are not lost.
      • #11219: Fixed: Dragging a captioned image does not fire the editor#paste event.
      • #9554: [Webkit Mac] Fixed: Editor scrolls on paste.
      • #9898: [Webkit&Divarea] Fixed: Pasting causes undesirable scrolling.
      • #11993: [Chrome] Fixed: Pasting content scrolls the document.
      • #12613: Show the user that they can not drop on editor UI (toolbar, bottom bar).
      • #12851: [Blink/Webkit] Fixed: Formatting disappears when pasting content into cells.
      • #12914: Fixed: Copy/Paste of table broken in div-based editor.
    • Browser support.
      Browser support for related features varies significantly (see http://caniuse.com/clipboard).

      • File APIs needed to operate and file upload is not supported in Internet Explorer 9 and below.
      • Only Chrome and Safari on Mac OS support setting custom data items in the clipboard, so currently it is possible to recognize the origin of the copied content in these browsers only. All drag and drop operations can be identified thanks to the new Data Transfer facade.
      • No Internet Explorer browser supports the standard clipboard API which results in small glitches like where only plain text can be dropped from outside the editor. Thanks to the new Data Transfer facade, internal and cross-editor drag and drop supports the full range of data.
      • Direct access to clipboard could only be implemented in Chrome, Safari on Mac OS, Opera and Firefox. In other browsers the pastebin must still be used.
  • #12875: Samples and toolbar configuration tools.

    • The old set of samples shipped with every CKEditor package was replaced with a shiny new single-page sample. This change concluded a long term plan which started from introducing the CKEditor SDK and CKEditor Functionality Overview section in the documentation which essentially redefined the old samples.
    • Toolbar configurators with live previews were introduced. They will be shipped with every CKEditor package and are meant to help in configuring toolbar layouts.
  • #10925: The Media Embed and Semantic Media Embed plugins were introduced. Read more about the new features in the Embedding Content article.

  • #10931: Added support for nesting widgets. It is now possible to insert one widget into another widget's nested editable. Note that unless nested editable's allowed content is defined precisely, starting from CKEditor 4.5 some widget buttons may become enabled. This feature is not supported in IE8. Included issues:

    • #12018: Fixed and reviewed: Nested widgets garbage collection.
    • #12024: [Firefox] Fixed: Outline is extended to the left by unpositioned drag handlers.
    • #12006: Fixed: Drag and drop of nested block widgets.
    • #12008: Fixed various cases of inserting a single non-editable element using the editor.insertHtml() method. Fixes pasting a widget with a nested editable inside another widget's nested editable.
  • Notification system:

  • #11636: Introduced new, UX-focused, methods for getting selected HTML and deleting it — editor.getSelectedHtml() and editor.deleteSelectedHtml().
  • #12416: Added the widget.definition.upcastPriority property which gives more control over widget upcasting order to the widget author.
  • #12036: Initialize the editor in read-only mode when the <textarea> element has a readonly attribute.
  • #11905: The resize event passes the current dimensions in its data.
  • #12126: Introduced config.image_prefillDimensions and config.image2_prefillDimensions to make pre-filling width and height configurable for the Enhanced Image.
  • #12746: Added a new configuration option to hide the Enhanced Image resizer.
  • #12150: Exposed the getNestedEditable() and is* widget helper functions (see the static methods).
  • #12448: Introduced the editable.insertHtmlIntoRange method.
  • #12143: Added the config.floatSpacePreferRight configuration option that switches the alignment of the floating toolbar. Thanks to InvisibleBacon!
  • #10986: Added support for changing dialog input and textarea text directions by using the Shift+Alt+Home/End keystrokes. The direction is stored in the value of the input by prepending the \u202A or \u202B marker to it. Read more in the documentation. Thanks to edithkk!
  • #12770: Added support for passing widget's startup data as a widget command's argument. Thanks to Rebrov Boris and Tieme van Veen!
  • #11583: Added support for the HTML5 required attribute in various form elements. Thanks to Steven Busse!

Changes:

Fixed issues:

  • #11586: Fixed: range.cloneContents() should not change the DOM in order to not affect selection.
  • #12148: Fixed: dom.element.getChild() should not modify a passed array.
  • #12503: [Blink/Webkit] Fixed: Incorrect result of select all and Backspace or Delete.
  • #13001: [Firefox] Fixed: The <br /> filler is placed in the wrong position by the range.fixBlock method due to Firefox quirky behavior.
  • #13101: [IE8] Fixed: IE8 prepends colons to HTML5 element names when cloning them.

Fixed Issues:

  • #12825: Fixed: Preventing the Table Resize plugin from operating on elements outside the editor. Thanks to Paul Martin!
  • #12157: Fixed: Lost text formatting on pressing Tab when the config.tabSpaces configuration option value was greater than zero.
  • #12777: Fixed: The table-layout CSS property should be reset by skins. Thanks to vita10gy!
  • #12812: Fixed: An uncaught security exception is thrown when Line Utilities are used in an inline editor loaded in a cross-domain iframe. Thanks to Vitaliy Zurian!
  • #12735: Fixed: config.fillEmptyBlocks should only apply when outputting data.
  • #10032: Fixed: Paste from Word filter is executed for every paste after using the button.
  • #12597: [Blink/Webkit] Fixed: Multi-byte Japanese characters entry not working properly after Shift+Enter.
  • #12387: Fixed: An error is thrown if a skin does not have the chameleon property defined and config.uiColor is defined.
  • #12747: [IE8-10] Fixed: Opening a drop-down for a specific selection when the editor is maximized results in incorrect drop-down panel position.
  • #12850: [IEQM] Fixed: An error is thrown after focusing the editor.

Security Updates:

  • Fixed XSS vulnerability in the HTML parser reported by Maco Cortes.

    Issue summary: It was possible to execute XSS inside CKEditor after persuading the victim to: (i) switch CKEditor to source mode, then (ii) paste a specially crafted HTML code, prepared by the attacker, into the opened CKEditor source area, and (iii) switch back to WYSIWYG mode.

An upgrade is highly recommended!

New Features:

Fixed Issues:

  • #12506: [Safari] Fixed: Cannot paste into inline editor if the page has user-select: none style. Thanks to shaohua!
  • #12683: Fixed: Filter fails to remove custom tags. Thanks to timselier!
  • #12489 and #12491: Fixed: Various issues related to restoring the selection after performing operations on filler character. See the fixed cases.
  • #12621: Fixed: Cannot remove inline styles (bold, italic, etc.) in empty lines.
  • #12630: [Chrome] Fixed: Selection is placed outside the paragraph when the New Page button is clicked. This patch significantly simplified the way how the initial selection (a selection after the content of the editable is overwritten) is being fixed. That might have fixed many related scenarios in all browsers.
  • #11647: Fixed: The editor.blur event is not fired on first blur after initializing the inline editor on an already focused element.
  • #12601: Fixed: Strikethrough button tooltip spelling.
  • #12546: Fixed: The Preview tab in the Document Properties dialog window is always disabled.
  • #12300: Fixed: The editor.change event fired on first navigation key press after typing.
  • #12141: Fixed: List items are lost when indenting a list item with content wrapped with a block element.
  • #12515: Fixed: Cursor is in the wrong position when undoing after adding an image and typing some text.
  • #12484: [Blink/Webkit] Fixed: DOM is changed outside the editor area in a certain case.
  • #12688: Improved the tests of the styles system and fixed two minor issues.
  • #12403: Fixed: Changing the font style should not lead to nesting it in the previous style element.
  • #12609: Fixed: Incorrect config.magicline_putEverywhere name used for a Magic Line all-encompassingconfig.magicline_everywhere configuration option.


New Features:

Fixed Issues:

  • #12423: [Safari7.1+] Fixed: Enter key moved cursor to a strange position.
  • #12381: [iOS] Fixed: Selection issue. Thanks to Remiremi!
  • #10804: Fixed: CKEDITOR_GETURL is not used with some plugins where it should be used. Thanks to Thomas Andraschko!
  • #9137: Fixed: The <base> tag is not created when <head> has an attribute. Thanks to naoki.fujikawa!
  • #12377: Fixed: Errors thrown in the Image plugin when removing preview from the dialog window definition. Thanks to Axinet!
  • #12162: Fixed: Auto paragraphing and Enter key in nested editables.
  • #12315: Fixed: Marked config.autoParagraph as deprecated.
  • #12113: Fixed: A code snippet should be presented in the elements path as "code snippet" (translatable).
  • #12311: Fixed: Remove Format should also remove <cite> elements.
  • #12261: Fixed: Filter has to be destroyed and removed from CKEDITOR.filter.instances on editor destroy.
  • #12398: Fixed: Maximize does not work on an instance without a title.
  • #12097: Fixed: JAWS not reading the number of options correctly in the Text Color and Background Color button menu.
  • #12411: Fixed: Page Break used directly in the editable breaks the editor.
  • #12354: Fixed: Various issues in undo manager when holding keys.
  • #12324: [IE8] Fixed: Undo steps are not recorded when changing the caret position by clicking below the body.
  • #12332: Fixed: Lowered DOM events listeners' priorities in undo manager in order to avoid ambiguity.
  • #12402: [Blink] Fixed: Workaround for Blink bug with document.title which breaks updating title in the full HTML mode.
  • #12338: Fixed: The CKEditor package contains unoptimized images.

 

Fixed Issues:

  • #12268: Cleanup of UI Color YUI styles. Thanks to CasherWest!
  • #12263: Fixed: Paste from Word filter does not properly normalize semicolons style text. Thanks to Alin Purcaru!
  • #12243: Fixed: Text formatting lost when pasting from Word. Thanks to Alin Purcaru!
  • #111739: Fixed: keypress listeners should not be used in the undo manager. A complete rewrite of keyboard handling in the undo manager was made. Numerous smaller issues were fixed, among others:
  • #10916: Fixed: Magic Line icon in Right-To-Left environments.
  • #11970: [IE] Fixed: CKEditor paste event is not fired when pasting with Shift+Ins.
  • #12111: Fixed: Linked image attributes are not read when opening the image dialog window by doubleclicking.
  • #10030: [IE] Fixed: Prevented "Unspecified Error" thrown in various cases when IE8-9 does not allow access todocument.activeElement.
  • #12273: Fixed: Applying block style in a description list breaks it.
  • #12218: Fixed: Minor syntax issue in CSS files.
  • #12178: [Blink/WebKit] Fixed: Iterator does not return the block if the selection is located at the end of it.
  • #12185: [IE9QM] Fixed: Error thrown when moving the mouse over focused editor's scrollbar.
  • #12215: Fixed: Basepath resolution does not recognize semicolon as a query separator.
  • #12135: Fixed: Remove Format does not work on widgets.
  • #12298: [IE11] Fixed: Clicking below <body> in Compatibility Mode will no longer reset selection to the first line.
  • #12204: Fixed: Editor's voice label is not affected by config.title.
  • #11915: Fixed: With SCAYT enabled, cursor moves to the beginning of the first highlighted, misspelled word after typing or pasting into the editor.
  • SCAYT: Fixed: Error thrown in the console after enabling SCAYT and trying to add a new image.

Other Changes:

  • #12296: Merged benderjs-ckeditor into the main CKEditor repository.

Security Updates:

  • Fixed XSS vulnerability in the Preview plugin reported by Mario Heiderich of Cure53.

An upgrade is highly recommended!

New Features:

  • #12164: Added the "Justify" option to the "Horizontal Alignment" drop-down in the Table Cell Properties dialog window.

Fixed Issues:

  • #12110: Fixed: Editor crash after deleting a table. Thanks to Alin Purcaru!
  • #11897: Fixed: Enter key used in an empty list item creates a new line instead of breaking the list. Thanks to noam-si!
  • #12140: Fixed: Double-clicking linked widgets opens two dialog windows.
  • #12132: Fixed: Image is inserted with width and height styles even when they are not allowed.
  • #9317: [IE] Fixed: config.disableObjectResizing does not work on IE. Note: We were not able to fix this issue on IE11+ because necessary events stopped working. See a last resort workaround and make sure to support our complaint to Microsoft.
  • #9638: Fixed: There should be no information about accessibility help available under the Alt+0 keyboard shortcut if theAccessibility Help plugin is not available.
  • #8117 and #9186: Fixed: In HTML5 <meta> tags should be allowed everywhere, including inside the <body> element.
  • #10422: Fixed: config.fillEmptyBlocks not working properly if a function is specified.
Twitter Facebook Facebook Instagram Medium Linkedin GitHub Arrow down Phone Menu Close icon Check