Security Updates:
- Fixed XSS vulnerability in the HTML parser reported by Dheeraj Joshi and Prem Kumar.
Issue summary: It was possible to execute XSS inside CKEditor after persuading the victim to: (i) switch CKEditor to source mode, then (ii) paste specially crafted HTML code, prepared by the attacker, into the opened CKEditor source area, and (iii) switch back to WYSIWYG mode.
An upgrade is highly recommended!
Fixed Issues:
- #12899: Fixed: Corrected wrong tag ending for horizontal box definition in the Dialog User Interface plugin. Thanks to mizafish!
- #13254: Fixed: Cannot outdent block after indent when using the Div Editing Area plugin. Thanks to Jonathan Cottrill!
- #13268: Fixed: Documentation for CKEDITOR.dom.text is incorrect. Thanks to Ben Kiefer!
- #12739: Fixed: Link loses inline styles when edited without the Advanced Tab for Dialogs plugin. Thanks to Віталій Крутько!
- #13292: Fixed: Protection pattern does not work in attribute in self-closing elements with no space before />. Thanks to Віталій Крутько!
- PR#192: Fixed: Variable name typo in the Dialog User Interface plugin which caused CKEDITOR.ui.dialog.radio validation to not work. Thanks to Florian Ludwig!
- #13232: [Safari] Fixed: The element.appendText() method does not work properly for empty elements.
- #13233: Fixed: HTMLDataProcessor can process foo:href attributes.
- #12796: Fixed: The Indent List plugin unwraps parent <li> elements. Thanks to Andrew Stucki!
- #12885: Added missing editor.getData() parameter documentation.
- #11982: Fixed: Bullet added in a wrong position after the Enter key is pressed in a nested list.
- #13027: Fixed: Keyboard navigation in dialog windows with multiple tabs not following IBM CI 162 instructions or ARIA Authoring Practices.
- #12256: Fixed: Basic styles classes are lost when pasting from Microsoft Word if basic styles were configured to use classes.
- #12729: Fixed: Incorrect structure created when merging a block into a list item on Backspace and Delete.
- #13031: [Firefox] Fixed: No more line breaks in source view since Firefox 36.
- #13131: Fixed: The Code Snippet plugin cannot be used without the IFrame Editing Area plugin.
- #9086: Fixed: Invalid ARIA property used on paste area <iframe>.
- #13164: Fixed: Error when inserting a hidden field.
- #13155: Fixed: Incorrect Line Utilities positioning when <body> has a margin.
- #13351: Fixed: Link lost when editing a linked image with the Link tab disabled. This also fixed a bug when inserting an image into a fully selected link would throw an error (#12847).
- #13344: [WebKit/Blink] Fixed: It is possible to remove or change editor content in read-only mode.
Other Changes:
- #12844 and #13103: Upgraded the testing environment to Bender.js 0.2.3.
- #12930: Because of licensing issues, truncated-mathjax/ is now removed from the tests/ directory. Now bender.config.mathJaxLibPath must be configured manually in order to run Mathematical Formulas plugin tests.
- #13266: Added more shades of gray in the Color Dialog window. Thanks to mizafish!