CKEditor 4.15.1

Security Updates:

  • Fixed XSS vulnerability in the Color History feature reported by Mark Wade.

    Issue summary: It was possible to execute an XSS-type attack inside CKEditor 4 by persuading a victim to paste specially crafted HTML code into the Color Button dialog.

An upgrade is highly recommended!

Fixed Issues:

API Changes:

Other Changes:

CKEditor 4.15.0

New features:

Fixed Issues:

CKEditor 4.14.1

Fixed Issues:

Other Changes:

CKEditor 4.14.0

Security Updates:

  • Fixed XSS vulnerability in the HTML data processor reported by Michał Bentkowski of Securitum.

    Issue summary: It was possible to execute XSS inside CKEditor after persuading the victim to either: (i) switch CKEditor to source mode, then (ii) paste specially crafted HTML code, prepared by the attacker, into the opened CKEditor source area, and (iii) switch back to WYSIWYG mode; or (i) copy the specially crafted HTML code, prepared by the attacker, and (ii) paste it into CKEditor in WYSIWYG mode.

  • Fixed XSS vulnerability in the WebSpellChecker plugin reported by Pham Van Khanh from Viettel Cyber Security.

    Issue summary: It was possible to execute XSS using CKEditor after persuading the victim to: (i) switch CKEditor to source mode, then (ii) paste specially crafted HTML code, prepared by the attacker, into the opened CKEditor source area, then (iii) switch back to WYSIWYG mode, and (iv) preview CKEditor content outside the CKEditor editable area.

An upgrade is highly recommended!

New features:

Fixed Issues:

  • #3587: [Edge, IE] Fixed: Widget with form input elements loses focus during typing.
  • #3705: [Safari] Fixed: Safari incorrectly removes blocks with the editor.extractSelectedHtml() method after selecting all content.
  • #1306: Fixed: The Font plugin creates nested HTML <span> tags when reapplying the same font multiple times.
  • #3498: Fixed: The editor throws an error during the copy operation when a widget is partially selected.
  • #2517: [Chrome, Firefox, Safari] Fixed: Inserting a new image when the selection partially covers an existing enhanced image widget throws an error.
  • #3007: [Chrome, Firefox, Safari] Fixed: Cannot modify the editor content once the selection is released over a widget.
  • #3698: Fixed: Cutting the selected text when a widget is partially selected merges paragraphs.

API Changes:

CKEditor 4.13.1

Fixed Issues:

  • #875: Fixed: Pasting inside the editor that contains a table with the Table Selection plugin after selecting all content replaces only the table element instead of the entire content.
  • #3415: [Firefox] Fixed: Pasting individual list elements fails. Thanks to Jack Wickham!
  • #3413: Fixed: Menu items with labels containing double quotes are rendered incorrectly.
  • #3475: [Firefox] Fixed: Pasting plain text over existing content fails and throws an error.
  • #2027: Fixed: Incorrect email display text after reopening the Link dialog for display names starting with @.
  • #3544: Fixed: The Special Characters dialog is read incorrectly by screen readers due to empty table cells at the end.
  • #1653: Fixed: Balloon Toolbar is not repositioned when the editor is scrolled with the Div Editing Area feature enabled.
  • #3559: Fixed: Color Dialog is incorrectly positioned when used with another dialog.
  • #3593: Fixed: Cannot access a text or comment node when replacing an element node with them via CKEDITOR.htmlParser.filter.
  • #3524: Fixed: The Easy Image plugin throws an error when any image with an unsupported data type is pasted into the editor.
  • #3552: Fixed: Incorrect value of CKEDITOR.plugins.widget.repository#selected after selecting the whole editor content.
  • #3586: Fixed: Content pasted from Microsoft Excel is not correctly recognised by the Paste from Word plugin.
  • #3585: [Firefox] Fixed: Microsoft Excel content is pasted as an image.
  • #3625: [Firefox] Fixed: Microsoft PowerPoint content is pasted as an image.
  • #3474: Fixed: Incorrect focus order after any tab in a dialog was clicked.
  • #3689: Fixed: Cannot change dialog tabs with keyboard arrow keys after focusing any tab with a mouse click.

API Changes:
