Fixed XSS vulnerability in the HTML parser reported by Maco Cortes.
Issue summary: It was possible to execute XSS inside CKEditor after persuading the victim to: (i) switch CKEditor to source mode, then (ii) paste a specially crafted HTML code, prepared by the attacker, into the opened CKEditor source area, and (iii) switch back to WYSIWYG mode.
An upgrade is highly recommended!
- #12501: Allowed dashes in element names in the string format of allowed content rules.
- #12550: Added the
<main>element to the
- #12506: [Safari] Fixed: Cannot paste into inline editor if the page has
user-select: nonestyle. Thanks to shaohua!
- #12683: Fixed: Filter fails to remove custom tags. Thanks to timselier!
- #12489 and #12491: Fixed: Various issues related to restoring the selection after performing operations on filler character. See the fixed cases.
- #12621: Fixed: Cannot remove inline styles (bold, italic, etc.) in empty lines.
- #12630: [Chrome] Fixed: Selection is placed outside the paragraph when the New Page button is clicked. This patch significantly simplified the way how the initial selection (a selection after the content of the editable is overwritten) is being fixed. That might have fixed many related scenarios in all browsers.
- #11647: Fixed: The
editor.blurevent is not fired on first blur after initializing the inline editor on an already focused element.
- #12601: Fixed: Strikethrough button tooltip spelling.
- #12546: Fixed: The Preview tab in the Document Properties dialog window is always disabled.
- #12300: Fixed: The
editor.changeevent fired on first navigation key press after typing.
- #12141: Fixed: List items are lost when indenting a list item with content wrapped with a block element.
- #12515: Fixed: Cursor is in the wrong position when undoing after adding an image and typing some text.
- #12484: [Blink/Webkit] Fixed: DOM is changed outside the editor area in a certain case.
- #12688: Improved the tests of the styles system and fixed two minor issues.
- #12403: Fixed: Changing the font style should not lead to nesting it in the previous style element.
- #12609: Fixed: Incorrect
config.magicline_putEverywherename used for a Magic Line all-encompassing