CKEditor 4.14.1

Fixed Issues:

Other Changes:

CKEditor 4.14.0

Security Updates:

  • Fixed XSS vulnerability in the HTML data processor reported by Michał Bentkowski of Securitum.

    Issue summary: It was possible to execute XSS inside CKEditor after persuading the victim to: (i) switch CKEditor to source mode, then (ii) paste a specially crafted HTML code, prepared by the attacker, into the opened CKEditor source area, and (iii) switch back to WYSIWYG mode or (i) copy the specially crafted HTML code, prepared by the attacker and (ii) paste it into CKEditor in WYSIWYG mode.

  • Fixed XSS vulnerability in the WebSpellChecker plugin reported by Pham Van Khanh from Viettel Cyber Security.

    Issue summary: It was possible to execute XSS using CKEditor after persuading the victim to: (i) switch CKEditor to source mode, then (ii) paste a specially crafted HTML code, prepared by the attacker, into the opened CKEditor source area, then (iii) switch back to WYSIWYG mode, and (iv) preview CKEditor content outside CKEditor editable area.

An upgrade is highly recommended!

New features:

Fixed Issues:

  • #3587: [Edge, IE] Fixed: Widget with form input elements loses focus during typing.
  • #3705: [Safari] Fixed: Safari incorrectly removes blocks with the editor.extractSelectedHtml() method after selecting all content.
  • #1306: Fixed: The Font plugin creates nested HTML <span> tags when reapplying the same font multiple times.
  • #3498: Fixed: The editor throws an error during the copy operation when a widget is partially selected.
  • #2517: [Chrome, Firefox, Safari] Fixed: Inserting a new image when the selection partially covers an existing enhanced image widget throws an error.
  • #3007: [Chrome, Firefox, Safari] Fixed: Cannot modify the editor content once the selection is released over a widget.
  • #3698: Fixed: Cutting the selected text when a widget is partially selected merges paragraphs.

API Changes:

CKEditor 4.13.1

Fixed Issues:

  • #875: Fixed: Pasting inside the editor that contains a table with the Table Selection plugin after selecting all content replaces only the table element instead of the entire content.
  • #3415: [Firefox] Fixed: Pasting individual list elements fails. Thanks to Jack Wickham!
  • #3413: Fixed: Menu items with labels containing double quotes are rendered incorrectly.
  • #3475: [Firefox] Fixed: Pasting plain text over existing content fails and throws an error.
  • #2027: Fixed: Incorrect email display text after reopening the Link dialog for display names starting with @.
  • #3544: Fixed: The Special Characters dialog read incorrectly by screen readers due to empty table cells at the end.
  • #1653: Fixed: Balloon Toolbar is not repositioned when the editor is scrolled with the Div Editing Area feature enabled.
  • #3559: Fixed: Color Dialog is incorrectly positioned when used with another dialog.
  • #3593: Fixed: Cannot access a text or comment node when replacing an element node with them via CKEDITOR.htmlParser.filter.
  • #3524: Fixed: The Easy Image plugin throws an error when any image with an unsupported data type is pasted into the editor.
  • #3552: Fixed: Incorrect value of CKEDITOR.plugins.widget.repository#selected after selecting the whole editor content.
  • #3586: Fixed: Content pasted from Microsoft Excel is not correctly recognised by the Paste from Word plugin.
  • #3585: [Firefox] Fixed: Microsoft Excel content is pasted as an image.
  • #3625: [Firefox] Fixed: Microsoft PowerPoint content is pasted as an image.
  • #3474: Fixed: Incorrect focus order after any tab in a dialog was clicked.
  • #3689: Fixed: Cannot change dialog tabs with keyboard arrow keys after focusing any tab with a mouse click.

API Changes:

CKEditor 4.13.0

New Features:

  • #835: Extended support for pasting from external applications:
  • #3315: Added support for strikethrough in the BBCode plugin. Thanks to Alexander Kahl!
  • #3175: Introduced selection optimization mechanism for handling incorrect selection behaviors in various browsers:
    • #3256: Triple-clicking in the last table cell and deleting content no longer pulls the content below into the table.
    • #3118: Selecting a paragraph with a triple-click and applying a heading applies the heading only to the selected paragraph.
    • #3161: Double-clicking a <span> element containing just one word creates a correct selection including the clicked <span> only.
  • #3359: Improved dialog positioning and behavior when the dialog is resized or moved, or the browser window is resized.
  • #2227: Added the config.linkDefaultProtocol configuration option that allows setting the default URL protocol for the Link plugin dialog.
  • #3240: Extended the CKEDITOR.plugins.widget#mask property to allow masking only the specified part of a widget.
  • #3138: Added the possibility to use the widgetDefinition.getClipboardHtml() method to customize the widget HTML during copy, cut and drag operations.

Fixed Issues:

  • #808: Fixed: Widgets and other content disappear on drag and drop in read-only mode.
  • #3260: Fixed: Widget drag handler is visible in read-only mode.
  • #3261: Fixed: A widget initialized using the dialog has an incorrect owner document.
  • #3198: Fixed: Blurring and focusing the editor when a widget is focused creates an additional undo step.
  • #2859: [IE, Edge] Fixed: Various editor UI elements react to right mouse button click:
  • #3158: [Chrome, Safari] Fixed: Undo plugin breaks with the filling character.
  • #504: [Edge] Fixed: The editor's selection is collapsed to the beginning of the content when focusing the editor for the first time.
  • #3101: Fixed: CKEDITOR.dom.range#_getTableElement() returns null instead of a table element for edge cases.
  • #3287: Fixed: initializes incorrectly if an AMD loader is present.
  • #3379: Fixed: Incorrect CKEDITOR.editor#getData() call when inserting content into the editor.
  • #941: Fixed: An error is thrown after styling a table cell text selected using the native selection when the Table Selection plugin is enabled.
  • #3136: [Firefox] Fixed: Clicking Balloon Toolbar items removes the native table selection.
  • #3381: [IE8] Fixed: The method does not accept non-objects.
  • #2395: [Android] Fixed: Focused input in a dialog is scrolled out of the viewport when the soft keyboard appears.
  • #453: Fixed: Link dialog has an invalid width when the editor is maximized and the browser window is resized.
  • #2138: Fixed: An email address containing a question mark is mishandled by the Link plugin.
  • #14613: Fixed: Race condition when loading plugins for an already destroyed editor instance throws an error.
  • #2257: Fixed: The editor throws an exception when destroyed shortly after it was created.
  • #3115: Fixed: Destroying the editor during the initialization throws an error.
  • #3354: [iOS] Fixed: Pasting no longer works on iOS version 13.
  • #3423 Fixed: Bookmarks can be created inside temporary elements.

API Changes:

CKEditor 4.12.1

Fixed Issues:

Twitter Facebook Facebook Instagram Medium Linkedin GitHub Arrow down Phone Menu Close icon Check