CKEditor 4

Security Updates:

  • Fixed XSS vulnerability in the core module reported by William Bowling.

    Issue summary: The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result in executing JavaScript code. See security advisory for more details.

  • Fixed XSS vulnerability in the core module reported by Maurice Dauer.

    Issue summary: The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. See security advisory for more details.

You can read more details in the relevant security advisory and contact us if you have more questions.

An upgrade is highly recommended!

Highlights:

Adobe ended support of Flash Player on December 31, 2020 and blocked Flash content from running in Flash Player beginning January 12, 2021. We have decided to deprecate and remove the Flash plugin from CKEditor 4 to help protect users' systems and discourage using insecure software.

New Features:

  • #3433: Marked required fields in dialogs with asterisk (*) symbol.
  • #4374: Integrated the Maximize plugin with browser's History API.
  • #4461: Introduced the possibility to delay editor initialization while it is in a detached DOM element.
  • #4462: Introduced support for reattaching editor container element to DOM.
  • #4612: Allow pasting images as Base64 from clipboard in all browsers except IE.
  • #4681: Allow drag and drop images as Base64.
  • #4750: Added notification for pasting and dropping unsupported file types into the editor.
  • #4807: [Chrome] Improved the performance of pasting large images. Thanks to FlowIT-JIT!
  • #4850: Added support for loading content templates from HTML files. Thanks to Fynn96!
  • #4874: Added the config.clipboard_handleImages configuration option for enabling and disabling built-in support for pasting and dropping images in the Clipboard plugin. Thanks to FlowIT-JIT!
  • #4026Preview plugin now uses the editor#title property for the title of the preview window. Thanks to Ely!
  • #4467: Added support for inserting content next to a block widgets using keyboard navigation. Thanks to bunglegrind!

Fixed Issues:

  • #3757: [Firefox] Fixed: images pasted from clipboard are not inserted as Base64-encoded images.
  • #3876: Fixed: The Print plugin incorrectly prints links and images.
  • #4444: [Firefox] Fixed: Print preview is incorrectly loaded from CDN.
  • #4596: Fixed: Incorrect handling of HSL/HSLA values in CKEDITOR.tools.color.
  • #4597: Fixed: Incorrect color conversion for HSL/HSLA values in CKEDITOR.tools.color.
  • #4604: Fixed: CKEDITOR.plugins.clipboard.dataTransfer#getTypes() returns no types.
  • #4761: Fixed: Not all resources loaded by the editor respect the cache key.
  • #4783: Fixed: The Accessibility Help dialog does not contain info about focus being moved back to the editing area upon activating a toolbar button.
  • #4790: Fixed: Printing page is invoked before the printed page is fully loaded.
  • #4874: Fixed: Built-in support for pasting and dropping images in the Clipboard plugin restricts third party plugins from handling image pasting. Thanks to FlowIT-JIT!
  • #4888: Fixed: The CKEDITOR.dialog#setState() method throws error when there is no "OK" button in the dialog.
  • #4858: Fixed: The Autolink plugin incorrectly escapes the & characters when pasting links into the editor.
  • #4892: Fixed: Focus of buttons in dialogs is not visible enough in High Contrast mode.
  • #3858: Fixed: Pasting content in ENTER_BR enter mode crashes the editor.
  • #4891: Fixed: The Autogrow plugin applies fixed width to the editor.

API Changes:

Other Changes:

  • #4866: The Flash plugin is now deprecated and has been removed from CKEditor 4.
  • #4901: Redesigned buttons placement in the Content templates dialog to make it more UX friendly. Thanks to Fynn96!
Twitter Facebook Facebook Instagram Medium Linkedin GitHub Arrow down Phone Menu Close icon Check