Issue summary: It was possible to execute an XSS-type attack inside CKEditor 4 by persuading a victim to paste specially crafted HTML code into the Color Button dialog.
An upgrade is highly recommended!
- #4293: Fixed: The `CKEDITOR.inlineAll()` method tries to initialize an inline editor also on elements with an editor already attached to them.
- #3961: Fixed: The Table Resize plugin prevents editing of merged cells.
- #3649: Fixed: Applying a block format should remove existing block styles.
- #4282: Fixed: The script loader does not execute callback for scripts already loaded when called for the second time. Thanks to Alexander Korotkevich!
- #4273: Fixed: A memory leak in the `CKEDITOR.domReady()` method connected with not removing `load` event listeners. Thanks to rohit1!
- #1330: Fixed: Incomplete CSS margin parsing if a `0` value is used.
- #4286: Fixed: The Auto Grow plugin causes the editor width to be set to `0` on editor resize.
- #848: Fixed: Arabic text not being "bound" correctly when pasting. Thanks to Thomas Hunkapiller and J. Ivan Duarte Rodríguez!
- #3940: Introduced the `colorName` property for customizing foreground and background styles in the Color Button plugin via the
- #3793: Introduced the Editor Placeholder plugin.
- #1795: The colors picked from the Color Dialog are now stored in the Color Button palette and can be reused easily.
- #3783: The colors used in the document are now displayed as a part of the Color Button palette.
- #4060: Fixed: The content inside a widget nested editable is escaped twice.
- #4183: [Safari] Fixed: Incorrect image dimensions when using the Easy Image plugin alongside the IFrame Editing Area plugin.
- #3693: Fixed: Incorrect default values for several Color Button configuration variables in the API documentation.
- #3795: Fixed: Setting the `config.dataIndentationChars` configuration option to an empty string is ignored and replaced by a tab (`\t`) character. Thanks to Thomas Grinderslev!
- #4107: Fixed: Multiple Autocomplete instances cause keyboard navigation issues.
- #4041: Fixed: The `selection.scrollIntoView` method throws an error when the editor selection is not set.
- #3361: Fixed: Loading multiple custom editor configurations is prone to a race condition between them.
- #4007: Fixed: Screen readers do not announce the Rich Combo plugin is collapsed or expanded.
- #4141: Fixed: The styles are incorrectly applied when there is a `<select>` element inside the editor.
- #2607: Fixed: The Emoji plugin SVG icons file is not loaded in CORS context.
- #3866: Fixed: The `config.readOnly` configuration option is not considered for the startup read-only mode of an inline editor.
- #3931: [IE] Fixed: An error is thrown when pasting using the Paste button after accepting the browser Clipboard Access Prompt dialog.
- #3938: Fixed: Cannot navigate the Autocomplete panel with the keyboard after switching to source mode.
- #2823: [IE] Fixed: Cannot resize the last table column using the Table Resize plugin.
- #909: Fixed: The Table Resize plugin does not work when the editor is placed in an absolutely positioned container. Thanks to Roland Petto!
- #1959: Fixed: The Table Resize plugin does not work in a maximized editor when the Div Editing Area feature is enabled. Thanks to Roland Petto!
- #3156: Fixed: Autolink `config.autolink_emailRegex` options are not customizable. Thanks to Sergiy Dobrovolsky!
- #624: Fixed: Notification does not work with the bottom toolbar location.
- #3000: Fixed: Auto Embed does not work with the bottom toolbar location.
- #1883: Fixed: The `editor.resize()` method does not work with CSS units.
- #3926: Fixed: Dragging and dropping a widget sometimes produces an error.
- #4008: Fixed: Remove Format does not work with a collapsed selection.
- #3998: Fixed: An error is thrown when switching to the source mode using a custom Ctrl + Enter keystroke with the Widget plugin present.
Fixed XSS vulnerability in the HTML data processor reported by Michał Bentkowski of Securitum.
Issue summary: It was possible to execute XSS inside CKEditor after persuading the victim to: (i) switch CKEditor to source mode, then (ii) paste specially crafted HTML code, prepared by the attacker, into the opened CKEditor source area, and (iii) switch back to WYSIWYG mode; or (i) copy the specially crafted HTML code, prepared by the attacker, and (ii) paste it into CKEditor in WYSIWYG mode.
Fixed XSS vulnerability in the WebSpellChecker plugin reported by Pham Van Khanh from Viettel Cyber Security.
Issue summary: It was possible to execute XSS using CKEditor after persuading the victim to: (i) switch CKEditor to source mode, then (ii) paste specially crafted HTML code, prepared by the attacker, into the opened CKEditor source area, then (iii) switch back to WYSIWYG mode, and (iv) preview the CKEditor content outside the CKEditor editable area.
An upgrade is highly recommended!
- #2374: Added support for pasting rich content from LibreOffice Writer with the Paste from LibreOffice plugin.
- #2583: Changed emoji suggestion box to show the matched emoji name instead of an ID.
- #3748: Improved the color button state to reflect the selected editor content colors.
- #3661: Improved the Print plugin to respect styling rendered by the Preview plugin.
- #3547: Active dialog tab now has the
- `widget.getClipboardHtml()` support for dragging and dropping multiple widgets.
- #3587: [Edge, IE] Fixed: Widget with form input elements loses focus during typing.
- #3705: [Safari] Fixed: Safari incorrectly removes blocks with the `editor.extractSelectedHtml()` method after selecting all content.
- #1306: Fixed: The Font plugin creates nested HTML `<span>` tags when reapplying the same font multiple times.
- #3498: Fixed: The editor throws an error during the copy operation when a widget is partially selected.
- #2517: [Chrome, Firefox, Safari] Fixed: Inserting a new image when the selection partially covers an existing enhanced image widget throws an error.
- #3007: [Chrome, Firefox, Safari] Fixed: Cannot modify the editor content once the selection is released over a widget.
- #3698: Fixed: Cutting the selected text when a widget is partially selected merges paragraphs.
- #3387: Added the `CKEDITOR.ui.richCombo.select()` method.
- #3727: Added new `bgColor` commands that apply the selected color chosen by the Color Button plugin.
- #3728: Added new `fontSize` commands that apply the selected font style chosen by the Font plugin.
- #3842: Added the
- #3775: Widget mask and parts can now be refreshed dynamically via API calls.
- #875: Fixed: Pasting inside the editor that contains a table with the Table Selection plugin after selecting all content replaces only the table element instead of the entire content.
- #3415: [Firefox] Fixed: Pasting individual list elements fails. Thanks to Jack Wickham!
- #3413: Fixed: Menu items with labels containing double quotes are rendered incorrectly.
- #3475: [Firefox] Fixed: Pasting plain text over existing content fails and throws an error.
- #2027: Fixed: Incorrect email display text after reopening the Link dialog for display names starting with
- #3544: Fixed: The Special Characters dialog read incorrectly by screen readers due to empty table cells at the end.
- #1653: Fixed: Balloon Toolbar is not repositioned when the editor is scrolled with the Div Editing Area feature enabled.
- #3559: Fixed: Color Dialog is incorrectly positioned when used with another dialog.
- #3593: Fixed: Cannot access a text or comment node when replacing an element node with them via
- #3524: Fixed: The Easy Image plugin throws an error when any image with an unsupported data type is pasted into the editor.
- #3552: Fixed: Incorrect value of `CKEDITOR.plugins.widget.repository#selected` after selecting the whole editor content.
- #3586: Fixed: Content pasted from Microsoft Excel is not correctly recognised by the Paste from Word plugin.
- #3585: [Firefox] Fixed: Microsoft Excel content is pasted as an image.
- #3625: [Firefox] Fixed: Microsoft PowerPoint content is pasted as an image.
- #3474: Fixed: Incorrect focus order after any tab in a dialog was clicked.
- #3689: Fixed: Cannot change dialog tabs with keyboard arrow keys after focusing any tab with a mouse click.
- #3634: Added the