Fixed XSS vulnerability in the HTML data processor reported by Michał Bentkowski of Securitum.
Issue summary: It was possible to execute XSS inside CKEditor after persuading the victim to: (i) switch CKEditor to source mode, then (ii) paste a specially crafted HTML code, prepared by the attacker, into the opened CKEditor source area, and (iii) switch back to WYSIWYG mode or (i) copy the specially crafted HTML code, prepared by the attacker and (ii) paste it into CKEditor in WYSIWYG mode.
Fixed XSS vulnerability in the WebSpellChecker plugin reported by Pham Van Khanh from Viettel Cyber Security.
Issue summary: It was possible to execute XSS using CKEditor after persuading the victim to: (i) switch CKEditor to source mode, then (ii) paste a specially crafted HTML code, prepared by the attacker, into the opened CKEditor source area, then (iii) switch back to WYSIWYG mode, and (iv) preview CKEditor content outside CKEditor editable area.
An upgrade is highly recommended!
- #2374: Added support for pasting rich content from LibreOffice Writer with the Paste from LibreOffice plugin.
- #2583: Changed emoji suggestion box to show the matched emoji name instead of an ID.
- #3748: Improved the color button state to reflect the selected editor content colors.
- #3661: Improved the Print plugin to respect styling rendered by the Preview plugin.
#3547: Active dialog tab now has the
widget.getClipboardHtml()support for dragging and dropping multiple widgets.
- #3587: [Edge, IE] Fixed: Widget with form input elements loses focus during typing.
#3705: [Safari] Fixed: Safari incorrectly removes blocks with the
editor.extractSelectedHtml()method after selecting all content.
#1306: Fixed: The Font plugin creates nested HTML
<span>tags when reapplying the same font multiple times.
- #3498: Fixed: The editor throws an error during the copy operation when a widget is partially selected.
- #2517: [Chrome, Firefox, Safari] Fixed: Inserting a new image when the selection partially covers an existing enhanced image widget throws an error.
- #3007: [Chrome, Firefox, Safari] Fixed: Cannot modify the editor content once the selection is released over a widget.
- #3698: Fixed: Cutting the selected text when a widget is partially selected merges paragraphs.
- #3387: Added the CKEDITOR.ui.richCombo.select() method.
#3727: Added new
bgColorcommands that apply the selected color chosen by the Color Button plugin.
#3728: Added new
fontSizecommands that apply the selected font style chosen by the Font plugin.
#3842: Added the
- #3775: Widget mask and parts can now be refreshed dynamically via API calls.
- #875: Fixed: Pasting inside the editor that contains a table with the Table Selection plugin after selecting all content replaces only the table element instead of the entire content.
- #3415: [Firefox] Fixed: Pasting individual list elements fails. Thanks to Jack Wickham!
- #3413: Fixed: Menu items with labels containing double quotes are rendered incorrectly.
- #3475: [Firefox] Fixed: Pasting plain text over existing content fails and throws an error.
#2027: Fixed: Incorrect email display text after reopening the Link dialog for display names starting with
- #3544: Fixed: The Special Characters dialog read incorrectly by screen readers due to empty table cells at the end.
- #1653: Fixed: Balloon Toolbar is not repositioned when the editor is scrolled with the Div Editing Area feature enabled.
- #3559: Fixed: Color Dialog is incorrectly positioned when used with another dialog.
#3593: Fixed: Cannot access a text or comment node when replacing an element node with them via
- #3524: Fixed: The Easy Image plugin throws an error when any image with an unsupported data type is pasted into the editor.
#3552: Fixed: Incorrect value of
CKEDITOR.plugins.widget.repository#selectedafter selecting the whole editor content.
- #3586: Fixed: Content pasted from Microsoft Excel is not correctly recognised by the Paste from Word plugin.
- #3585: [Firefox] Fixed: Microsoft Excel content is pasted as an image.
- #3625: [Firefox] Fixed: Microsoft PowerPoint content is pasted as an image.
- #3474: Fixed: Incorrect focus order after any tab in a dialog was clicked.
- #3689: Fixed: Cannot change dialog tabs with keyboard arrow keys after focusing any tab with a mouse click.
#3634: Added the
- #835: Extended support for pasting from external applications:
- #3315: Added support for strikethrough in the BBCode plugin. Thanks to Alexander Kahl!
#3175: Introduced selection optimization mechanism for handling incorrect selection behaviors in various browsers:
- #3256: Triple-clicking in the last table cell and deleting content no longer pulls the content below into the table.
- #3118: Selecting a paragraph with a triple-click and applying a heading applies the heading only to the selected paragraph.
#3161: Double-clicking a
<span>element containing just one word creates a correct selection including the clicked
- #3359: Improved dialog positioning and behavior when the dialog is resized or moved, or the browser window is resized.
#2227: Added the
config.linkDefaultProtocolconfiguration option that allows setting the default URL protocol for the Link plugin dialog.
#3240: Extended the
CKEDITOR.plugins.widget#maskproperty to allow masking only the specified part of a widget.
#3138: Added the possibility to use the
widgetDefinition.getClipboardHtml()method to customize the widget HTML during copy, cut and drag operations.
- #808: Fixed: Widgets and other content disappear on drag and drop in read-only mode.
- #3260: Fixed: Widget drag handler is visible in read-only mode.
- #3261: Fixed: A widget initialized using the dialog has an incorrect owner document.
- #3198: Fixed: Blurring and focusing the editor when a widget is focused creates an additional undo step.
- #2859: [IE, Edge] Fixed: Various editor UI elements react to right mouse button click:
- #3158: [Chrome, Safari] Fixed: Undo plugin breaks with the filling character.
- #504: [Edge] Fixed: The editor's selection is collapsed to the beginning of the content when focusing the editor for the first time.
nullinstead of a table element for edge cases.
CKEDITOR.tools.promiseinitializes incorrectly if an AMD loader is present.
#3379: Fixed: Incorrect
CKEDITOR.editor#getData()call when inserting content into the editor.
- #941: Fixed: An error is thrown after styling a table cell text selected using the native selection when the Table Selection plugin is enabled.
- #3136: [Firefox] Fixed: Clicking Balloon Toolbar items removes the native table selection.
#3381: [IE8] Fixed: The
CKEDITOR.tools.object.keys()method does not accept non-objects.
- #2395: [Android] Fixed: Focused input in a dialog is scrolled out of the viewport when the soft keyboard appears.
- #453: Fixed: Link dialog has an invalid width when the editor is maximized and the browser window is resized.
- #2138: Fixed: An email address containing a question mark is mishandled by the Link plugin.
- #14613: Fixed: Race condition when loading plugins for an already destroyed editor instance throws an error.
- #2257: Fixed: The editor throws an exception when destroyed shortly after it was created.
- #3115: Fixed: Destroying the editor during the initialization throws an error.
- #3354: [iOS] Fixed: Pasting no longer works on iOS version 13.
- #3423 Fixed: Bookmarks can be created inside temporary elements.
#3154: Added the
#3245: Added the
CKEDITOR.plugins.undo.UndoManager.addFilterRule()method that allows filtering undo snapshot contents.
#2845: Added the
#2975: Added the
#3247: Extended the
CKEDITOR.tools.bind()method to accept arguments for bound functions.
#3326: Added the
#2423: Added the
CKEDITOR.plugins.dialog.getMode()methods with their
CKEDITOR.plugin.definitioncounterparts, allowing to get the dialog subject of a change.
#3124: Added the
- #2598: Added the Page Break feature support for the Paste from Word plugin.
- #1490: Improved the Paste from Word plugin to retain table cell borders.
- #2870: Improved support for preserving the indentation of list items for nested lists pasted with the Paste from Wordplugin.
CKEDITOR.config.image2_maxSizeconfiguration option for the Enhanced Image plugin that allows setting a maximum size that an image can be resized to with the resizer.
- #2639: The Color Dialog plugin now shows the current selection's color when opened.
- #2084: The Table Tools plugin now allows to change the cell height unit type to either pixels or percent.
- #3164: The Table Tools plugin now accepts floating point values as the table cell width and height.
- #2672: Fixed: When resizing an Enhanced Image to a minimum size with the resizer, the image dialog does not show actual values.
#1478: Fixed: Custom colors added to Color Button with the
config.colorButton_colorsconfiguration option in the form of a label or code do not work correctly.
- #1469: Fixed: Trying to get data from a nested editable inside a freshly pasted widget throws an error.
- #2235: Fixed: An Image in a table cell has an empty URL field when edited from the context menu opened by right-click when the Table Selection plugin is in use.
- #3098: Fixed: Unit pickers for table cell width and height in the Table Tools plugin have a different width.
#2923: Fixed: The CSS
windowtextcolor is not correctly recognized by the
#3120: [IE8] Fixed: The
CKEDITOR.tools.extend()method does not work with the
DontEnumobject property attribute.
#2813: Fixed: Editor HTML insertion methods (
editor.insertElementIntoRange()) pollute the editable with empty
#2751: Fixed: An editor with
ENTER_DIValters pasted content.
#1496: The Balloon Toolbar plugin exposes the
#2021: Added new
#2700: Added the
#3123: Added the
#3123: Added the
#3123: Added the
CKEDITOR.template#sourceproperty can now be a function, so it can return the changed template values during the runtime. Thanks to Jacek Pulit!
#2598: Added the
CKEDITOR.plugins.pagebreak.createElement()method allowing to create a Page Break plugin
- #2748: Enhanced error messages thrown when creating an editor on a non-existent element or when trying to instantiate the second editor on the same element. Thanks to Byran Zaugg!
#2698: Added the
#2935: Introduced the
CKEDITOR.config.pasteFromWord_keepZeroMarginsconfiguration option that allows for keeping any
margin-*: 0style that would be otherwise removed when pasting content with the Paste from Wordplugin.
#2962: Added the
#2924: Added the
CKEDITOR.tools.style.borderobject wrapping CSS border style helpers under a single type.
#2495: The Table Selection plugin can now be disabled for the given table with the
#2692: Plugins can now expose information about the supported environment by implementing the
#2741: Replaced deprecated
arguments.calleecalls with named function expressions to allow the editor to work in strict mode.
CKEDITOR.tools.style.parse.border()as deprecated in favor of the
CKEDITOR.tools.objectKeys()as deprecated in favor of the