Fixed Issues:
- #2607: Fixed: The Emoji plugin SVG icons file is not loaded in CORS context.
-
#3866: Fixed: The
config.readOnlyconfiguration option not considered for startup read-only mode of inline editor. - #3931: [IE] Fixed: An error is thrown when pasting using the Paste button after accepting the browser Clipboard Access Prompt dialog.
- #3938: Fixed: Cannot navigate the Autocomplete panel with the keyboard after switching to source mode.
- #2823: [IE] Fixed: Cannot resize the last table column using the Table Resize plugin.
- #909: Fixed: The Table Resize plugin does not work when the editor is placed in an absolutely positioned container. Thanks to Roland Petto!
- #1959: Fixed: The Table Resize plugin does not work in a maximized editor when the Div Editing Area feature is enabled. Thanks to Roland Petto!
-
#3156: Fixed: Autolink
config.autolink_urlRegexandconfig.autolink_emailRegexoptions are not customizable. Thanks to Sergiy Dobrovolsky! - #624: Fixed: Notification does not work with the bottom toolbar location.
- #3000: Fixed: Auto Embed does not work with the bottom toolbar location.
-
#1883: Fixed: The
editor.resize()method does not work with CSS units. - #3926: Fixed: Dragging and dropping a widget sometimes produces an error.
- #4008: Fixed: Remove Format does not work with a collapsed selection.
- #3998: Fixed: An error is thrown when switching to the source mode using a custom Ctrl + Enter keystroke with the Widget plugin present.
Other Changes:
- Updated WebSpellChecker (WSC) and SpellCheckAsYouType (SCAYT) plugins:
- Fixed: Active Autocomplete panel causes active suggestions to be unnecessarily checked by the SCAYT spell checking mechanism.
Security Updates:
-
Fixed XSS vulnerability in the HTML data processor reported by Michał Bentkowski of Securitum.
Issue summary: It was possible to execute XSS inside CKEditor after persuading the victim to: (i) switch CKEditor to source mode, then (ii) paste a specially crafted HTML code, prepared by the attacker, into the opened CKEditor source area, and (iii) switch back to WYSIWYG mode or (i) copy the specially crafted HTML code, prepared by the attacker and (ii) paste it into CKEditor in WYSIWYG mode.
-
Fixed XSS vulnerability in the WebSpellChecker plugin reported by Pham Van Khanh from Viettel Cyber Security.
Issue summary: It was possible to execute XSS using CKEditor after persuading the victim to: (i) switch CKEditor to source mode, then (ii) paste a specially crafted HTML code, prepared by the attacker, into the opened CKEditor source area, then (iii) switch back to WYSIWYG mode, and (iv) preview CKEditor content outside CKEditor editable area.
An upgrade is highly recommended!
New features:
- #2374: Added support for pasting rich content from LibreOffice Writer with the Paste from LibreOffice plugin.
- #2583: Changed emoji suggestion box to show the matched emoji name instead of an ID.
- #3748: Improved the color button state to reflect the selected editor content colors.
- #3661: Improved the Print plugin to respect styling rendered by the Preview plugin.
-
#3547: Active dialog tab now has the
aria-selected="true"attribute. -
#3441: Improved
widget.getClipboardHtml()support for dragging and dropping multiple widgets.
Fixed Issues:
- #3587: [Edge, IE] Fixed: Widget with form input elements loses focus during typing.
-
#3705: [Safari] Fixed: Safari incorrectly removes blocks with the
editor.extractSelectedHtml()method after selecting all content. -
#1306: Fixed: The Font plugin creates nested HTML
<span>tags when reapplying the same font multiple times. - #3498: Fixed: The editor throws an error during the copy operation when a widget is partially selected.
- #2517: [Chrome, Firefox, Safari] Fixed: Inserting a new image when the selection partially covers an existing enhanced image widget throws an error.
- #3007: [Chrome, Firefox, Safari] Fixed: Cannot modify the editor content once the selection is released over a widget.
- #3698: Fixed: Cutting the selected text when a widget is partially selected merges paragraphs.
API Changes:
- #3387: Added the CKEDITOR.ui.richCombo.select() method.
-
#3727: Added new
textColorandbgColorcommands that apply the selected color chosen by the Color Button plugin. -
#3728: Added new
fontandfontSizecommands that apply the selected font style chosen by the Font plugin. -
#3842: Added the
editor.getSelectedRanges()alias. - #3775: Widget mask and parts can now be refreshed dynamically via API calls.
Fixed Issues:
- #875: Fixed: Pasting inside the editor that contains a table with the Table Selection plugin after selecting all content replaces only the table element instead of the entire content.
- #3415: [Firefox] Fixed: Pasting individual list elements fails. Thanks to Jack Wickham!
- #3413: Fixed: Menu items with labels containing double quotes are rendered incorrectly.
- #3475: [Firefox] Fixed: Pasting plain text over existing content fails and throws an error.
-
#2027: Fixed: Incorrect email display text after reopening the Link dialog for display names starting with
@. - #3544: Fixed: The Special Characters dialog read incorrectly by screen readers due to empty table cells at the end.
- #1653: Fixed: Balloon Toolbar is not repositioned when the editor is scrolled with the Div Editing Area feature enabled.
- #3559: Fixed: Color Dialog is incorrectly positioned when used with another dialog.
-
#3593: Fixed: Cannot access a text or comment node when replacing an element node with them via
CKEDITOR.htmlParser.filter. - #3524: Fixed: The Easy Image plugin throws an error when any image with an unsupported data type is pasted into the editor.
-
#3552: Fixed: Incorrect value of
CKEDITOR.plugins.widget.repository#selectedafter selecting the whole editor content. - #3586: Fixed: Content pasted from Microsoft Excel is not correctly recognised by the Paste from Word plugin.
- #3585: [Firefox] Fixed: Microsoft Excel content is pasted as an image.
- #3625: [Firefox] Fixed: Microsoft PowerPoint content is pasted as an image.
- #3474: Fixed: Incorrect focus order after any tab in a dialog was clicked.
- #3689: Fixed: Cannot change dialog tabs with keyboard arrow keys after focusing any tab with a mouse click.
API Changes:
-
#3634: Added the
CKEDITOR.plugins.clipboard.dataTransfer#getTypes()method.
New Features:
-
#835: Extended support for pasting from external applications:
- Added support for pasting rich content from Google Docs with the Paste from Google Docs plugin.
- Added a new Paste Tools plugin for unified paste handling.
- #3315: Added support for strikethrough in the BBCode plugin. Thanks to Alexander Kahl!
-
#3175: Introduced selection optimization mechanism for handling incorrect selection behaviors in various browsers:
- #3256: Triple-clicking in the last table cell and deleting content no longer pulls the content below into the table.
- #3118: Selecting a paragraph with a triple-click and applying a heading applies the heading only to the selected paragraph.
-
#3161: Double-clicking a
<span>element containing just one word creates a correct selection including the clicked<span>only.
- #3359: Improved dialog positioning and behavior when the dialog is resized or moved, or the browser window is resized.
-
#2227: Added the
config.linkDefaultProtocolconfiguration option that allows setting the default URL protocol for the Link plugin dialog. -
#3240: Extended the
CKEDITOR.plugins.widget#maskproperty to allow masking only the specified part of a widget. -
#3138: Added the possibility to use the
widgetDefinition.getClipboardHtml()method to customize the widget HTML during copy, cut and drag operations.
Fixed Issues:
- #808: Fixed: Widgets and other content disappear on drag and drop in read-only mode.
- #3260: Fixed: Widget drag handler is visible in read-only mode.
- #3261: Fixed: A widget initialized using the dialog has an incorrect owner document.
- #3198: Fixed: Blurring and focusing the editor when a widget is focused creates an additional undo step.
-
#2859: [IE, Edge] Fixed: Various editor UI elements react to right mouse button click:
- #2845: Rich Combo.
- #2857: List Block.
- #2858: Menu.
- #3158: [Chrome, Safari] Fixed: Undo plugin breaks with the filling character.
- #504: [Edge] Fixed: The editor's selection is collapsed to the beginning of the content when focusing the editor for the first time.
-
#3101: Fixed:
CKEDITOR.dom.range#_getTableElement()returnsnullinstead of a table element for edge cases. -
#3287: Fixed:
CKEDITOR.tools.promiseinitializes incorrectly if an AMD loader is present. -
#3379: Fixed: Incorrect
CKEDITOR.editor#getData()call when inserting content into the editor. - #941: Fixed: An error is thrown after styling a table cell text selected using the native selection when the Table Selection plugin is enabled.
- #3136: [Firefox] Fixed: Clicking Balloon Toolbar items removes the native table selection.
-
#3381: [IE8] Fixed: The
CKEDITOR.tools.object.keys()method does not accept non-objects. - #2395: [Android] Fixed: Focused input in a dialog is scrolled out of the viewport when the soft keyboard appears.
- #453: Fixed: Link dialog has an invalid width when the editor is maximized and the browser window is resized.
- #2138: Fixed: An email address containing a question mark is mishandled by the Link plugin.
- #14613: Fixed: Race condition when loading plugins for an already destroyed editor instance throws an error.
- #2257: Fixed: The editor throws an exception when destroyed shortly after it was created.
- #3115: Fixed: Destroying the editor during the initialization throws an error.
- #3354: [iOS] Fixed: Pasting no longer works on iOS version 13.
- #3423 Fixed: Bookmarks can be created inside temporary elements.
API Changes:
-
#3154: Added the
CKEDITOR.tools.array.some()method. -
#3245: Added the
CKEDITOR.plugins.undo.UndoManager.addFilterRule()method that allows filtering undo snapshot contents. -
#2845: Added the
CKEDITOR.tools.normalizeMouseButton()method. -
#2975: Added the
CKEDITOR.dom.element#fireEventHandler()method. -
#3247: Extended the
CKEDITOR.tools.bind()method to accept arguments for bound functions. -
#3326: Added the
CKEDITOR.dom.text#isEmpty()method. -
#2423: Added the
CKEDITOR.plugins.dialog.getModel()andCKEDITOR.plugins.dialog.getMode()methods with theirCKEDITOR.plugin.definitioncounterparts, allowing to get the dialog subject of a change. -
#3124: Added the
CKEDITOR.dom.element#isDetached()method.
Fixed Issues:
- #3220: Fixed: Prevent Paste from Word filter from deleting Page Break elements on paste.