Headline
CVE-2021-41165: ckeditor4/CHANGES.md at major · ckeditor/ckeditor4
CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has been recognized and patched. The fix will be available in version 4.17.0.
CKEditor 4 Changelog****CKEditor 4.17.1
Fixed issues:
- #4979: Added cache key in #4761 started to breaking relative links for external CSS resources. The fix had been reverted and will be corrected in the upcoming release.
CKEditor 4.17
Security Updates:
Fixed XSS vulnerability in the core module reported by William Bowling.
Issue summary: The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result in executing JavaScript code. See security advisory for more details.
Fixed XSS vulnerability in the core module reported by Maurice Dauer.
Issue summary: The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. See security advisory for more details.
You can read more details in the relevant security advisory and contact us if you have more questions.
An upgrade is highly recommended!
Highlights:
Adobe ended support of Flash Player on December 31, 2020 and blocked Flash content from running in Flash Player beginning January 12, 2021. We have decided to deprecate and remove the Flash plugin from CKEditor 4 to help protect users’ systems and discourage using insecure software.
New Features:
- #3433: Marked required fields in dialogs with asterisk (*) symbol.
- #4374: Integrated the Maximize plugin with browser’s History API.
- #4461: Introduced the possibility to delay editor initialization while it is in a detached DOM element.
- #4462: Introduced support for reattaching editor container element to DOM.
- #4612: Allow pasting images as Base64 from clipboard in all browsers except IE.
- #4681: Allow drag and drop images as Base64.
- #4750: Added notification for pasting and dropping unsupported file types into the editor.
- #4807: [Chrome] Improved the performance of pasting large images. Thanks to FlowIT-JIT!
- #4850: Added support for loading content templates from HTML files. Thanks to Fynn96!
- #4874: Added the config.clipboard_handleImages configuration option for enabling and disabling built-in support for pasting and dropping images in the Clipboard plugin. Thanks to FlowIT-JIT!
- #4026: Preview plugin now uses the editor#title property for the title of the preview window. Thanks to Ely!
- #4467: Added support for inserting content next to a block widgets using keyboard navigation. Thanks to bunglegrind!
Fixed Issues:
- #3757: [Firefox] Fixed: images pasted from clipboard are not inserted as Base64-encoded images.
- #3876: Fixed: The Print plugin incorrectly prints links and images.
- #4444: [Firefox] Fixed: Print preview is incorrectly loaded from CDN.
- #4596: Fixed: Incorrect handling of HSL/HSLA values in CKEDITOR.tools.color.
- #4597: Fixed: Incorrect color conversion for HSL/HSLA values in CKEDITOR.tools.color.
- #4604: Fixed: CKEDITOR.plugins.clipboard.dataTransfer#getTypes() returns no types.
- #4761: Fixed: Not all resources loaded by the editor respect the cache key.
- #4783: Fixed: The Accessibility Help dialog does not contain info about focus being moved back to the editing area upon activating a toolbar button.
- #4790: Fixed: Printing page is invoked before the printed page is fully loaded.
- #4874: Fixed: Built-in support for pasting and dropping images in the Clipboard plugin restricts third party plugins from handling image pasting. Thanks to FlowIT-JIT!
- #4888: Fixed: The CKEDITOR.dialog#setState() method throws error when there is no “OK” button in the dialog.
- #4858: Fixed: The Autolink plugin incorrectly escapes the & characters when pasting links into the editor.
- #4892: Fixed: Focus of buttons in dialogs is not visible enough in High Contrast mode.
- #3858: Fixed: Pasting content in ENTER_BR enter mode crashes the editor.
- #4891: Fixed: The Autogrow plugin applies fixed width to the editor.
API Changes:
- #4462: CKEDITOR.editor#getSelection() now returns null if the editor is in recreating state.
- #4583: Added support for new, comma-less color syntax to CKEDITOR.tools.color.
- #4604: Added the CKEDITOR.plugins.clipboard.dataTransfer#isFileTransfer() method.
- #4790: Added callback parameter to CKEDITOR.plugins.preview#createPreview() method.
Other Changes:
- #4866: The Flash plugin is now deprecated and has been removed from CKEditor 4.
- #4901: Redesigned buttons placement in the Content templates dialog to make it more UX friendly. Thanks to Fynn96!
CKEditor 4.16.2
Security Updates:
Fixed XSS vulnerability in the Clipboard plugin reported by Anton Subbotin.
Issue summary: The vulnerability allowed to abuse paste functionality using malformed HTML, which could result in injecting arbitrary HTML into the editor. See security advisory for more details.
Fixed XSS vulnerability in the Widget plugin reported by Anton Subbotin.
Issue summary: The vulnerability allowed to abuse undo functionality using malformed Widget HTML, which could result in executing JavaScript code. See security advisory for more details.
Fixed XSS vulnerability in the Fake Objects plugin reported by Mika Kulmala.
Issue summary: The vulnerability allowed to inject malformed Fake Objects HTML, which could result in executing JavaScript code. See security advisory for more details.
You can read more details in the relevant security advisory and contact us if you have more questions.
An upgrade is highly recommended!
Fixed Issues:
- #4777: Fixed: HTML comments in widgets not processed correctly.
- #4733: Fixed: Link prevent duplicate anchors in text with styles.
- #4728: Fixed: Multiple anchors in one line and multi-line with text style.
- #3863: Fixed: Multiple anchors in single word with text style.
- #3819: [Chrome] Fixed: After removing one of the two consecutive spaces, the character appears in the editor instead of a space.
- #4666: [IE] Introduce CSS.escape polyfill. Thanks to limingli0707!
- #681: Fixed: Table elements (td, tr, th, …) with an id that starts with dot (.) causes javascript runtime err.
- #641: Fixed: UploadImage Plugin Widgets not working in IE, Opera, Safari, PhantomJS.
- #3638: Fixed: Opening the same dialog twice causes it to become hidden under the dialog’s page cover.
- #4247: Fixed: Color Button’s incorrect rendering on the first opening.
- #4555: Fixed: Font styles with attributes are not applied correctly when used multiple times over the same selection.
- #4782: [Firefox] Fixed: TypeError is thrown when switching to Source View and back while Autocomplete plugin is enabled.
CKEditor 4.16.1
Fixed Issues:
- #4617: Fixed: Autocomplete is not accessible in inline editors.
- #4493: Fixed: The drop-down label does not reflect the current value of the drop-down.
- #1572: Fixed: A paragraph before or after a widget cannot be removed. Thanks to bunglegrind!
- #4301: Fixed: Pasted content is overwritten when pasted in an initially empty editor with the div Enter mode.
- #4351: Fixed: Incorrect values for RGBA/HSLA colors in Color Dialog.
- #4509: Fixed: Incorrect handling of drag & drop inside widgets and nested editables.
- #4611: [Android, iOS] Fixed: Incorrect hover styles for buttons in the toolbar on mobile devices.
- #4652: Fixed: Event data set to false is treated as an event cancelation.
- #4659: Fixed: CKEDITOR.htmlParser does not treat --!> as a comment end tag correctly.
CKEditor 4.16
Security Updates:
Fixed ReDoS vulnerability in the Autolink plugin.
Issue summary: It was possible to execute a ReDoS-type attack inside CKEditor 4 by persuading a victim to paste a specially crafted URL-like text into the editor and press Enter or Space.
Fixed ReDoS vulnerability in the Advanced Tab for Dialogs plugin.
Issue summary: It was possible to execute a ReDoS-type attack inside CKEditor 4 by persuading a victim to paste a specially crafted text into the Styles dialog.
An upgrade is highly recommended!
New Features:
- #2800: Unsupported image formats are now gracefully handled by the Paste from Word plugin on paste, additionally showing descriptive error messages.
- #2800: Unsupported image formats are now gracefully handled by the Paste from LibreOffice plugin on paste, additionally showing descriptive error messages.
- #3582: Introduced smart positioning of the Autocomplete panel used by the Mentions and Emoji plugins. The panel will now be additionally positioned related to the browser viewport to be always fully visible.
- #4388: Added the option to remove an iframe created with the IFrame Dialog plugin from the sequential keyboard navigation using the tabindex attribute. Thanks to Timo Kirkkala!
Fixed Issues:
- #1134: [Safari] Fixed: Paste from Word does not embed images.
- #2800: Fixed: No images are imported from Microsoft Word when the content is pasted via the Paste from Word plugin if there is at least one image of unsupported format.
- #4379: [Edge] Fixed: Incorrect detection of the high contrast mode.
- #4422: Fixed: Missing space between the button name and the keyboard shortcut inside the button label in the high contrast mode.
- #2208: [IE] Fixed: The Autolink plugin duplicates the native browser implementation.
- #1824: Fixed: The Autolink plugin should require the Link plugin.
- #4253: Fixed: The Editor Placeholder plugin throws an error during the editor initialization with config.fullPage enabled when there is no <body> tag in the editor content.
- #4372: Fixed: The Autogrow plugin changes the editor’s width when used with an absolute config.width value.
API Changes:
- #4358: Introduced the CKEDITOR.tools.color class which adds colors validation and methods for converting colors between various formats: named colors, HEX, RGB, RGBA, HSL and HSLA.
- #3782: Moved the CKEDITOR.plugins.pastetools.filters.word.images filters to the CKEDITOR.plugins.pastetools.filters.image namespace.
- #4297: All CKEDITOR.plugins.pastetools.filters are now available under the CKEDITOR.pasteTools alias.
- #4394: Introduced CKEDITOR.ajax specialized loading methods for loading binary (CKEDITOR.ajax.loadBinary()) and text (CKEDITOR.ajax.loadText()) data.
Other Changes:
- The WebSpellChecker (WSC) plugin is now disabled by default in Standard and Full presets. It can be enabled via extraPlugins configuration option.
CKEditor 4.15.1
Security Updates:
Fixed XSS vulnerability in the Color History feature reported by Mark Wade.
Issue summary: It was possible to execute an XSS-type attack inside CKEditor 4 by persuading a victim to paste a specially crafted HTML code into the Color Button dialog.
An upgrade is highly recommended!
Fixed Issues:
- #4293: Fixed: The CKEDITOR.inlineAll() method tries to initialize inline editor also on elements with an editor already attached to them.
- #3961: Fixed: The Table Resize plugin prevents editing of merged cells.
- #3649: Fixed: Applying a block format should remove existing block styles.
- #4282: Fixed: The script loader does not execute callback for scripts already loaded when called for the second time. Thanks to Alexander Korotkevich!
- #4273: Fixed: A memory leak in the CKEDITOR.domReady() method connected with not removing load event listeners. Thanks to rohit1!
- #1330: Fixed: Incomplete CSS margin parsing if an auto or 0 value is used.
- #4286: Fixed: The Auto Grow plugin causes the editor width to be set to 0 on editor resize.
- #848: Fixed: Arabic text not being “bound” correctly when pasting. Thanks to Thomas Hunkapiller and J. Ivan Duarte Rodríguez!
API Changes:
- #3649: Added a new stylesRemove editor event.
Other Changes:
- #4262: Removed the global reference to the stylesLoaded variable. Thanks to Levi Carter!
- Updated the Export to PDF plugin to 1.0.1 version:
- Improved external CSS support for classic editor by handling exceptions and displaying convenient error messages.
CKEditor 4.15
New features:
- #3940: Introduced the colorName property for customizing foreground and background styles in the Color Button plugin via the config.colorButton_foreStyle and config.colorButton_backStyle configuration options.
- #3793: Introduced the Editor Placeholder plugin.
- #1795: The colors picked from the Color Dialog are now stored in the Color Button palette and can be reused easily.
- #3783: The colors used in the document are now displayed as a part of the Color Button palette.
Fixed Issues:
- #4060: Fixed: The content inside a widget nested editable is escaped twice.
- #4183: [Safari] Fixed: Incorrect image dimensions when using the Easy Image plugin alongside the IFrame Editing Area plugin.
- #3693: Fixed: Incorrect default values for several Color Button configuration variables in the API documentation.
- #3795: Fixed: Setting the config.dataIndentationChars configuration option to an empty string is ignored and replaced by a tab (\t) character. Thanks to Thomas Grinderslev!
- #4107: Fixed: Multiple Autocomplete instances cause keyboard navigation issues.
- #4041: Fixed: Theselection.scrollIntoView method throws an error when the editor selection is not set.
- #3361: Fixed: Loading multiple custom editor configurations is prone to a race condition between these.
- #4007: Fixed: Screen readers do not announce the Rich Combo plugin is collapsed or expanded.
- #4141: Fixed: The styles are incorrectly applied when there is a <select> element inside the editor.
CKEditor 4.14.1
Fixed Issues:
- #2607: Fixed: The Emoji plugin SVG icons file is not loaded in CORS context.
- #3866: Fixed: The config.readOnly configuration option not considered for startup read-only mode of inline editor.
- #3931: [IE] Fixed: An error is thrown when pasting using the Paste button after accepting the browser Clipboard Access Prompt dialog.
- #3938: Fixed: Cannot navigate the Autocomplete panel with the keyboard after switching to source mode.
- #2823: [IE] Fixed: Cannot resize the last table column using the Table Resize plugin.
- #909: Fixed: The Table Resize plugin does not work when the editor is placed in an absolutely positioned container. Thanks to Roland Petto!
- #1959: Fixed: The Table Resize plugin does not work in a maximized editor when the Div Editing Area feature is enabled. Thanks to Roland Petto!
- #3156: Fixed: Autolink config.autolink_urlRegex and config.autolink_emailRegex options are not customizable. Thanks to Sergiy Dobrovolsky!
- #624: Fixed: Notification does not work with the bottom toolbar location.
- #3000: Fixed: Auto Embed does not work with the bottom toolbar location.
- #1883: Fixed: The editor.resize() method does not work with CSS units.
- #3926: Fixed: Dragging and dropping a widget sometimes produces an error.
- #4008: Fixed: Remove Format does not work with a collapsed selection.
- #3998: Fixed: An error is thrown when switching to the source mode using a custom Ctrl + Enter keystroke with the Widget plugin present.
Other Changes:
- Updated WebSpellChecker (WSC) and SpellCheckAsYouType (SCAYT) plugins:
- Fixed: Active Autocomplete panel causes active suggestions to be unnecessarily checked by the SCAYT spell checking mechanism.
CKEditor 4.14
Security Updates:
Fixed XSS vulnerability in the HTML data processor reported by Michał Bentkowski of Securitum.
Issue summary: It was possible to execute XSS inside CKEditor after persuading the victim to: (i) switch CKEditor to source mode, then (ii) paste a specially crafted HTML code, prepared by the attacker, into the opened CKEditor source area, and (iii) switch back to WYSIWYG mode or (i) copy the specially crafted HTML code, prepared by the attacker and (ii) paste it into CKEditor in WYSIWYG mode.
Fixed XSS vulnerability in the WebSpellChecker Dialog plugin reported by Pham Van Khanh from Viettel Cyber Security.
Issue summary: It was possible to execute XSS using CKEditor after persuading the victim to: (i) switch CKEditor to source mode, then (ii) paste a specially crafted HTML code, prepared by the attacker, into the opened CKEditor source area, then (iii) switch back to WYSIWYG mode, and (iv) preview CKEditor content outside CKEditor editable area.
An upgrade is highly recommended!
New features:
- #2374: Added support for pasting rich content from LibreOffice Writer with the Paste from LibreOffice plugin.
- #2583: Changed emoji suggestion box to show the matched emoji name instead of an ID.
- #3748: Improved the color button state to reflect the selected editor content colors.
- #3661: Improved the Print plugin to respect styling rendered by the Preview plugin.
- #3547: Active dialog tab now has the aria-selected="true" attribute.
- #3441: Improved widget.getClipboardHtml() support for dragging and dropping multiple widgets.
Fixed Issues:
- #3587: [Edge, IE] Fixed: Widget with form input elements loses focus during typing.
- #3705: [Safari] Fixed: Safari incorrectly removes blocks with the editor.extractSelectedHtml() method after selecting all content.
- #1306: Fixed: The Font plugin creates nested HTML <span> tags when reapplying the same font multiple times.
- #3498: Fixed: The editor throws an error during the copy operation when a widget is partially selected.
- #2517: [Chrome, Firefox, Safari] Fixed: Inserting a new image when the selection partially covers an existing enhanced image widget throws an error.
- #3007: [Chrome, Firefox, Safari] Fixed: Cannot modify the editor content once the selection is released over a widget.
- #3698: Fixed: Cutting the selected text when a widget is partially selected merges paragraphs.
API Changes:
- #3387: Added the CKEDITOR.ui.richCombo.select() method.
- #3727: Added new textColor and bgColor commands that apply the selected color chosen by the Color Button plugin.
- #3728: Added new font and fontSize commands that apply the selected font style chosen by the Font plugin.
- #3842: Added the editor.getSelectedRanges() alias.
- #3775: Widget mask and parts can now be refreshed dynamically via API calls.
CKEditor 4.13.1
Fixed Issues:
- #875: Fixed: Pasting inside the editor that contains a table with the Table Selection plugin after selecting all content replaces only the table element instead of the entire content.
- #3415: [Firefox] Fixed: Pasting individual list elements fails. Thanks to Jack Wickham!
- #3413: Fixed: Menu items with labels containing double quotes are rendered incorrectly.
- #3475: [Firefox] Fixed: Pasting plain text over existing content fails and throws an error.
- #2027: Fixed: Incorrect email display text after reopening the Link dialog for display names starting with @.
- #3544: Fixed: The Special Characters dialog read incorrectly by screen readers due to empty table cells at the end.
- #1653: Fixed: Balloon Toolbar is not repositioned when the editor is scrolled with the Div Editing Area feature enabled.
- #3559: Fixed: Color Dialog is incorrectly positioned when used with another dialog.
- #3593: Fixed: Cannot access a text or comment node when replacing an element node with them via CKEDITOR.htmlParser.filter.
- #3524: Fixed: The Easy Image plugin throws an error when any image with an unsupported data type is pasted into the editor.
- #3552: Fixed: Incorrect value of CKEDITOR.plugins.widget.repository#selected after selecting the whole editor content.
- #3586: Fixed: Content pasted from Microsoft Excel is not correctly recognised by the Paste from Word plugin.
- #3585: [Firefox] Fixed: Microsoft Excel content is pasted as an image.
- #3625: [Firefox] Fixed: Microsoft PowerPoint content is pasted as an image.
- #3474: Fixed: Incorrect focus order after any tab in a dialog was clicked.
- #3689: Fixed: Cannot change dialog tabs with keyboard arrow keys after focusing any tab with a mouse click.
API Changes:
- #3634: Added the CKEDITOR.plugins.clipboard.dataTransfer#getTypes() method.
CKEditor 4.13
New Features:
- #835: Extended support for pasting from external applications:
- Added support for pasting rich content from Google Docs with the Paste from Google Docs plugin.
- Added a new Paste Tools plugin for unified paste handling.
- #3315: Added support for strikethrough in the BBCode plugin. Thanks to Alexander Kahl!
- #3175: Introduced selection optimization mechanism for handling incorrect selection behaviors in various browsers:
- #3256: Triple-clicking in the last table cell and deleting content no longer pulls the content below into the table.
- #3118: Selecting a paragraph with a triple-click and applying a heading applies the heading only to the selected paragraph.
- #3161: Double-clicking a <span> element containing just one word creates a correct selection including the clicked <span> only.
- #3359: Improved dialog positioning and behavior when the dialog is resized or moved, or the browser window is resized.
- #2227: Added the config.linkDefaultProtocol configuration option that allows setting the default URL protocol for the Link plugin dialog.
- #3240: Extended the CKEDITOR.plugins.widget#mask property to allow masking only the specified part of a widget.
- #3138: Added the possibility to use the widgetDefinition.getClipboardHtml() method to customize the widget HTML during copy, cut and drag operations.
Fixed Issues:
- #808: Fixed: Widgets and other content disappear on drag and drop in read-only mode.
- #3260: Fixed: Widget drag handler is visible in read-only mode.
- #3261: Fixed: A widget initialized using the dialog has an incorrect owner document.
- #3198: Fixed: Blurring and focusing the editor when a widget is focused creates an additional undo step.
- #2859: [IE, Edge] Fixed: Various editor UI elements react to right mouse button click:
- #2845: Rich Combo.
- #2857: List Block.
- #2858: Menu.
- #3158: [Chrome, Safari] Fixed: Undo plugin breaks with the filling character.
- #504: [Edge] Fixed: The editor’s selection is collapsed to the beginning of the content when focusing the editor for the first time.
- #3101: Fixed: CKEDITOR.dom.range#_getTableElement() returns null instead of a table element for edge cases.
- #3287: Fixed: CKEDITOR.tools.promise initializes incorrectly if an AMD loader is present.
- #3379: Fixed: Incorrect CKEDITOR.editor#getData() call when inserting content into the editor.
- #941: Fixed: An error is thrown after styling a table cell text selected using the native selection when the Table Selection plugin is enabled.
- #3136: [Firefox] Fixed: Clicking Balloon Toolbar items removes the native table selection.
- #3381: [IE8] Fixed: The CKEDITOR.tools.object.keys() method does not accept non-objects.
- #2395: [Android] Fixed: Focused input in a dialog is scrolled out of the viewport when the soft keyboard appears.
- #453: Fixed: Link dialog has an invalid width when the editor is maximized and the browser window is resized.
- #2138: Fixed: An email address containing a question mark is mishandled by the Link plugin.
- #14613: Fixed: Race condition when loading plugins for an already destroyed editor instance throws an error.
- #2257: Fixed: The editor throws an exception when destroyed shortly after it was created.
- #3115: Fixed: Destroying the editor during the initialization throws an error.
- #3354: [iOS] Fixed: Pasting no longer works on iOS version 13.
- #3423 Fixed: Bookmarks can be created inside temporary elements.
API Changes:
- #3154: Added the CKEDITOR.tools.array.some() method.
- #3245: Added the CKEDITOR.plugins.undo.UndoManager.addFilterRule() method that allows filtering undo snapshot contents.
- #2845: Added the CKEDITOR.tools.normalizeMouseButton() method.
- #2975: Added the CKEDITOR.dom.element#fireEventHandler() method.
- #3247: Extended the CKEDITOR.tools.bind() method to accept arguments for bound functions.
- #3326: Added the CKEDITOR.dom.text#isEmpty() method.
- #2423: Added the CKEDITOR.plugins.dialog.getModel() and CKEDITOR.plugins.dialog.getMode() methods with their CKEDITOR.plugin.definition counterparts, allowing to get the dialog subject of a change.
- #3124: Added the CKEDITOR.dom.element#isDetached() method.
CKEditor 4.12.1
Fixed Issues:
- #3220: Fixed: Prevent Paste from Word filter from deleting Page Break elements on paste.
CKEditor 4.12
New Features:
- #2598: Added the Page Break feature support for the Paste from Word plugin.
- #1490: Improved the Paste from Word plugin to retain table cell borders.
- #2870: Improved support for preserving the indentation of list items for nested lists pasted with the Paste from Word plugin.
- #2048: New CKEDITOR.config.image2_maxSize configuration option for the Enhanced Image plugin that allows setting a maximum size that an image can be resized to with the resizer.
- #2639: The Color Dialog plugin now shows the current selection’s color when opened.
- #2084: The Table Tools plugin now allows to change the cell height unit type to either pixels or percent.
- #3164: The Table Tools plugin now accepts floating point values as the table cell width and height.
Fixed Issues:
- #2672: Fixed: When resizing an Enhanced Image to a minimum size with the resizer, the image dialog does not show actual values.
- #1478: Fixed: Custom colors added to Color Button with the config.colorButton_colors configuration option in the form of a label or code do not work correctly.
- #1469: Fixed: Trying to get data from a nested editable inside a freshly pasted widget throws an error.
- #2235: Fixed: An Image in a table cell has an empty URL field when edited from the context menu opened by right-click when the Table Selection plugin is in use.
- #3098: Fixed: Unit pickers for table cell width and height in the Table Tools plugin have a different width.
- #2923: Fixed: The CSS windowtext color is not correctly recognized by the CKEDITOR.tools.style.parse methods.
- #3120: [IE8] Fixed: The CKEDITOR.tools.extend() method does not work with the DontEnum object property attribute.
- #2813: Fixed: Editor HTML insertion methods (editor.insertHtml(), editor.insertHtmlIntoRange(), editor.insertElement() and editor.insertElementIntoRange()) pollute the editable with empty <span> elements.
- #2751: Fixed: An editor with config.enterMode set to ENTER_DIV alters pasted content.
API Changes:
- #1496: The Balloon Toolbar plugin exposes the CKEDITOR.ui.balloonToolbar.reposition() and CKEDITOR.ui.balloonToolbarView.reposition() methods.
- #2021: Added new CKEDITOR.dom.documentFragment.find() and CKEDITOR.dom.documentFragment.findOne() methods.
- #2700: Added the CKEDITOR.tools.array.find() method.
- #3123: Added the CKEDITOR.tools.object.keys() method.
- #3123: Added the CKEDITOR.tools.object.entries() method.
- #3123: Added the CKEDITOR.tools.object.values() method.
- #2821: The CKEDITOR.template#source property can now be a function, so it can return the changed template values during the runtime. Thanks to Jacek Pulit!
- #2598: Added the CKEDITOR.plugins.pagebreak.createElement() method allowing to create a Page Break plugin CKEDITOR.dom.element instance.
- #2748: Enhanced error messages thrown when creating an editor on a non-existent element or when trying to instantiate the second editor on the same element. Thanks to Byran Zaugg!
- #2698: Added the CKEDITOR.htmlParser.element.findOne() method.
- #2935: Introduced the CKEDITOR.config.pasteFromWord_keepZeroMargins configuration option that allows for keeping any margin-*: 0 style that would be otherwise removed when pasting content with the Paste from Word plugin.
- #2962: Added the CKEDITOR.tools.promise class.
- #2924: Added the CKEDITOR.tools.style.border object wrapping CSS border style helpers under a single type.
- #2495: The Table Selection plugin can now be disabled for the given table with the data-cke-tableselection-ignored attribute.
- #2692: Plugins can now expose information about the supported environment by implementing the pluginDefinition.isSupportedEnvironment() method.
Other Changes:
- #2741: Replaced deprecated arguments.callee calls with named function expressions to allow the editor to work in strict mode.
- #2924: Marked CKEDITOR.tools.style.parse.border() as deprecated in favor of the CKEDITOR.tools.style.border.fromCssRule() method.
- #3132: Marked CKEDITOR.tools.objectKeys() as deprecated in favor of the CKEDITOR.tools.object.keys() method.
CKEditor 4.11.4
Fixed Issues:
- #589: Fixed: The editor causes memory leaks in create and destroy cycles.
- #1397: Fixed: Using the dialog to remove headers from a table with one header row only throws an error.
- #1479: Fixed: Justification for styled content in BR mode is disabled.
- #2816: Fixed: Enhanced Image resize handler is visible in read-only mode.
- #2874: Fixed: Enhanced Image resize handler is not created when the editor is initialized in read-only mode.
- #2775: Fixed: Clipboard paste buttons have wrong state when read-only mode is set by the mouse event listener with the Div Editing Area plugin.
- #1901: Fixed: Cannot open the context menu over a Widget with the Shift+F10 keyboard shortcut.
Other Changes:
- Updated WebSpellChecker (WSC) and SpellCheckAsYouType (SCAYT) plugins:
- Language dictionary update: German language was extended with over 600k new words.
- Language dictionary update: Swedish language was extended with over 300k new words.
- Grammar support added for Australian and New Zealand English, Polish, Slovak, Slovenian and Austrian languages.
- Changed wavy red and green lines that underline spelling and grammar errors to straight ones.
- #55: Fixed: WSC does not use CKEDITOR.getUrl() when referencing style sheets.
- #166: Fixed: SCAYT does not use CKEDITOR.getUrl() when referencing style sheets.
- #56: [Chrome] Fixed: SCAYT/WSC throws errors when running inside a Chrome extension.
- Fixed: After removing a dictionary, the words are not underlined and considered as incorrect.
- Fixed: The Slovenian (sl_SL) language does not work.
- Fixed: Quotes with code U+2019 (Right single quotation mark) are considered separators.
- Fixed: Wrong error message formatting when the service ID is invalid.
- Fixed: Absent languages in the Languages tab when using SCAYT with the Shared Spaces plugin.
CKEditor 4.11.3
Fixed Issues:
- #2721, #487: Fixed: The order of sublist items is reversed when a higher level list item is removed.
- #2527: Fixed: Emoji autocomplete order does not prioritize emojis with the name starting from the used string.
- #2572: Fixed: Icons in the Emoji dropdown navigation groups are not centered.
- #1191: Fixed: Items in the elements path are draggable.
- #2292: Fixed: Dropping a list with a link on the editor’s margin causes a console error and removes the dragged text from editor.
- #2756: Fixed: The Auto Link plugin causes an error when typing in the source editing mode.
- #1986: Fixed: The Cell Properties dialog from the Table Tools plugin shows styles that are not allowed through config.allowedContent.
- #2565: [IE, Edge] Fixed: Buttons in the editor toolbar are activated by clicking them with the right mouse button.
- #2792: Fixed: A bug in the Copy Formatting plugin that caused the following issues:
- #2780: Fixed: Undo steps disappear after multiple changes of selection.
- #2470: [Firefox] Fixed: Widget’s nested editable gets blurred upon focus.
- #2655: [Chrome, Safari] Fixed: Widget’s nested editable cannot be focused under certain circumstances.
CKEditor 4.11.2
Fixed Issues:
- #2403: Fixed: Styling inline editor initialized inside a table with the Table Selection plugin is causing style leaks.
- #2514: Fixed: Pasting table data into inline editor initialized inside a table with the Table Selection plugin inserts pasted content into the wrapping table.
- #2451: Fixed: The Remove Format plugin changes selection.
- #2546: Fixed: The separator in the toolbar moves when buttons are focused.
- #2506: Fixed: Enhanced Image throws a type error when an empty <figure> tag with an image class is upcasted.
- #2650: Fixed: Table dialog validator fails when the getValue() function is defined in the global scope.
- #2690: Fixed: Decimal characters are removed from the inside of numbered lists when pasting content using the Paste from Word plugin.
- #2205: Fixed: It is not possible to add new list items under an item containing a block element.
- #2411, #2438 Fixed: Apply numbered list option throws a console error for a specific markup.
- #2430 Fixed: Color Button and List Block items are draggable.
Other Changes:
- Updated the WebSpellChecker (WSC) plugin:
- #52 Fixed: Clicking “Finish Checking” without a prior action would hang the Spell Checking dialog.
- #2603: Corrected the GPL license entry in the package.json file.
CKEditor 4.11.1
Fixed Issues:
- #2571: Fixed: Clicking the categories in the Emoji dropdown panel scrolls the entire page.
CKEditor 4.11
Security Updates:
Fixed XSS vulnerability in the HTML parser reported by maxarr.
Issue summary: It was possible to execute XSS inside CKEditor after persuading the victim to: (i) switch CKEditor to source mode, then (ii) paste a specially crafted HTML code, prepared by the attacker, into the opened CKEditor source area, and (iii) switch back to WYSIWYG mode.
An upgrade is highly recommended!
New Features:
- #2062: Added the emoji dropdown that allows the user to choose the emoji from the toolbar and search for them using keywords.
- #2154: The Link plugin now supports phone number links.
- #1815: The Auto Link plugin supports typing link completion.
- #2478: Link can be inserted using the Ctrl/Cmd + K keystroke.
- #651: Text pasted using the Paste from Word plugin preserves indentation in paragraphs.
- #2248: Added support for justification in the BBCode plugin. Thanks to Matěj Kmínek!
- #706: Added a different cursor style when selecting cells for the Table Selection plugin.
- #2072: The UI Button plugin supports custom aria-haspopup property values. The Menu Button aria-haspopup value is now menu, the Panel Button and Rich Combo aria-haspopup value is now listbox.
- #1176: The Balloon Panel can now be attached to a selection instead of an element.
- #2202: Added the contextmenu_contentsCss configuration option to allow adding custom CSS to the Context Menu.
Fixed Issues:
- #1477: Fixed: On destroy, Balloon Toolbar does not destroy its content.
- #2394: Fixed: Emoji dropdown does not show up with repeated symbols in a single line.
- #1181: [Chrome] Fixed: Opening the context menu in a read-only editor results in an error.
- #2276: [iOS] Fixed: Button state does not refresh properly.
- #1489: Fixed: Table contents can be removed in read-only mode when the Table Selection plugin is used.
- #1264 Fixed: Right-click does not clear the selection created with the Table Selection plugin.
- #586 Fixed: The required attribute is not correctly recognized by the Form Elements plugin dialog. Thanks to Roli Züger!
- #2380 Fixed: Styling HTML comments in a top-level element results in extra paragraphs.
- #2294 Fixed: Pasting content from Microsoft Outlook and then bolding it results in an error.
- #2035 [Edge] Fixed: Permission denied is thrown when opening a Panel instance.
- #965 Fixed: The config.forceSimpleAmpersand option does not work. Thanks to Alex Maris!
- #2448: Fixed: The [Escape HTML Entities] plugin with custom additional entities configuration breaks HTML escaping.
- #898: Fixed: Enhanced Image long alternative text protrudes into the editor when the image is selected.
- #1113: [Firefox] Fixed: Nested contenteditable elements path is not updated on focus with the Div Editing Area plugin.
- #1682 Fixed: Hovering the Balloon Toolbar panel changes its size, causing flickering.
- #421 Fixed: Expandable Button puts the (Selected) text at the end of the label when clicked.
- #1454: Fixed: The onAbort method of the Upload Widget is not called when the loader is aborted.
- #1451: Fixed: The context menu is incorrectly positioned when opened with Shift+F10.
- #1722: CKEDITOR.filter.instances is causing memory leaks.
- #2491: Fixed: The Mentions plugin is not matching diacritic characters.
- #2519: Fixed: The Accessibility Help dialog should display all available keystrokes for a single command.
API Changes:
- #2453: The CKEDITOR.ui.panel.block.getItems method now also returns input elements in addition to links.
- #2224: The CKEDITOR.tools.convertToPx function now converts negative values.
- #2253: The widget definition insert method now passes editor and commandData. Thanks to marcparmet!
- #2045: Extracted tools.eventsBuffer and tools.throttle functions logic into a separate namespace.
- tools.eventsBuffer was extracted into tools.buffers.event,
- tools.throttle was extracted into tools.buffers.throttle.
- #2466: The CKEDITOR.filter constructor accepts an additional rules parameter allowing to bind the editor and filter together.
- #2493: The editor.getCommandKeystroke method accepts an additional all parameter allowing to retrieve an array of all command keystrokes.
- #2483: Button’s DOM element created with the hasArrow definition option can by identified by the .cke_button_expandable CSS class.
Other Changes:
- #1713: Removed the redundant lang.title entry from the Clipboard plugin.
CKEditor 4.10.1
Fixed Issues:
- #2114: Fixed: Autocomplete cannot be initialized before instanceReady.
- #2107: Fixed: Holding and releasing the mouse button is not inserting an autocomplete suggestion.
- #2167: Fixed: Matching in Emoji plugin is not case insensitive.
- #2195: Fixed: Emoji shows the suggestion box when the colon is preceded with other characters than white space.
- #2169: [Edge] Fixed: Error thrown when pasting into the editor.
- #1084 Fixed: Using the “Automatic” option with Color Button on a text with the color already defined sets an invalid color value.
- #2271: Fixed: Custom color name not used as a label in the Color Button plugin. Thanks to Eric Geloen!
- #2296: Fixed: The Color Button plugin throws an error when activated on content containing HTML comments.
- #966: Fixed: Executing editor.destroy() during the file upload throws an error. Thanks to Maksim Makarevich!
- #1719: Fixed: Ctrl/Cmd + A inadvertently focuses inline editor if it is starting and ending with a list. Thanks to theNailz!
- #1046: Fixed: Subsequent new links do not include the id attribute. Thanks to Nathan Samson!
- #1348: Fixed: Enhanced Image plugin aspect ratio locking uses an old width and height on image URL change.
- #1791: Fixed: Image and Enhanced Image plugins can be enabled when Easy Image is present.
- #2254: Fixed: Image ratio locking is too precise for resized images. Thanks to Jonathan Gilbert!
- #1184: [IE8-11] Fixed: Copying and pasting data in read-only mode throws an error.
- #1916: [IE9-11] Fixed: Pressing the Delete key in read-only mode throws an error.
- #2003: [Firefox] Fixed: Right-clicking multiple selected table cells containing empty paragraphs removes the selection.
- #1816: Fixed: Table breaks when Enter is pressed over the Table Selection plugin.
- #1115: Fixed: The <font> tag is not preserved when proper configuration is provided and a style is applied by the Font plugin.
- #727: Fixed: Custom styles may be invisible in the Styles Combo plugin.
- #988: Fixed: ACF-enabled custom elements prefixed with object, embed, param are removed from the editor content.
API Changes:
- #2249: Added the editor.plugins.detectConflict() method finding conflicts between provided plugins.
CKEditor 4.10
New Features:
- #1751: Introduced the Autocomplete feature that consists of the following plugins:
- Autocomplete – Provides contextual completion feature for custom text matches based on user input.
- Text Watcher – Checks whether an editor’s text change matches the chosen criteria.
- Text Match – Allows to search CKEDITOR.dom.range for matching text.
- #1703: Introduced the Mentions plugin providing smart completion feature for custom text matches based on user input starting with a chosen marker character.
- #1746: Introduced the Emoji plugin providing completion feature for emoji ideograms.
- #1761: The Auto Link plugin now supports email links.
Fixed Issues:
- #1458: [Edge] Fixed: After blurring the editor it takes 2 clicks to focus a widget.
- #1034: Fixed: JAWS leaves forms mode after pressing the Enter key in an inline editor instance.
- #1748: Fixed: Missing CKEDITOR.dialog.definition.onHide API documentation. Thanks to sunnyone!
- #1321: Fixed: Ideographic space character (\u3000) is lost when pasting text.
- #1776: Fixed: Empty caption placeholder of the Image Base plugin is not hidden when blurred.
- #1592: Fixed: The Image Base plugin caption is not visible after paste.
- #620: Fixed: The config.forcePasteAsPlainText option is not respected in internal and cross-editor pasting.
- #1467: Fixed: The resizing cursor of the Table Resize plugin appearing in the middle of a merged cell.
API Changes:
- #850: Backward incompatibility: Replaced the replace dialog from the Find / Replace plugin with a tabId option in the find command.
- #1582: The CKEDITOR.editor.addCommand() method can now accept a CKEDITOR.command instance as a parameter.
- #1712: The extraPlugins, removePlugins and plugins configuration options allow whitespace.
- #1802: The extraPlugins, removePlugins and plugins configuration options allow passing plugin names as an array.
- #1724: Added an option to the getClientRect() function allowing to retrieve an absolute bounding rectangle of the element, i.e. a position relative to the upper-left corner of the topmost viewport.
- #1498 : Added a new getClientRects() method to CKEDITOR.dom.range. It returns a list of rectangles for each selected element.
- #1993: Added the CKEDITOR.tools.throttle() function.
Other Changes:
- Updated SCAYT (Spell Check As You Type) and WebSpellChecker (WSC) plugins:
- Language dictionary update: Added support for the Uzbek Latin language.
- Languages no longer supported as additional languages: Manx - Isle of Man (gv_GB) and Interlingua (ia_XR).
- Extended and improved language dictionaries: Georgian and Swedish. Also added the missing word “Ensure” to the American, British and Canada English language.
- #141 Fixed: SCAYT throws "Uncaught Error: Error in RangyWrappedRange module: createRange(): Parameter must be a Window object or DOM node".
- #153 [Chrome] Fixed: Correcting a word in the widget in SCAYT moves focus to another editable.
- #155 [IE8] Fixed: SCAYT throws an error and does not work.
- #156 [IE10] Fixed: SCAYT does not seem to work.
- Fixed: After some text is dragged and dropped, the markup is not refreshed for grammar problems in SCAYT.
- Fixed: Request to FastCGI fails when the user tries to replace a word with non-English characters with a proper suggestion in WSC.
- [Firefox] Fixed: Ctrl+Z removes focus in SCAYT.
- Grammar support for default languages was improved.
- New application source URL was added in SCAYT.
- Removed green marks and legend related to grammar-supported languages in the Languages tab of SCAYT. Grammar is now supported for almost all the anguages in the list for an additional fee.
- Fixed: JavaScript error in the console: “Cannot read property ‘split’ of undefined” in SCAYT and WSC.
- [IE10] Fixed: Markup is not set for a specific case in SCAYT.
- Fixed: Accessibility issue: No alt attribute for the logo image in the About tab of SCAYT.
CKEditor 4.9.2
Security Updates:
Fixed XSS vulnerability in the Enhanced Image (image2) plugin reported by Kyaw Min Thein.
Issue summary: It was possible to execute XSS inside CKEditor using the <img> tag and specially crafted HTML. Please note that the default presets (Basic/Standard/Full) do not include this plugin, so you are only at risk if you made a custom build and enabled this plugin.
We would like to thank the Drupal security team for bringing this matter to our attention and coordinating the fix and release process!
CKEditor 4.9.1
Fixed Issues:
- #1835: Fixed: Integration between CKFinder and the File Browser plugin does not work.
CKEditor 4.9
New Features:
- #932: Introduced Easy Image feature for inserting images that are automatically rescaled, optimized, responsive and delivered through a blazing-fast CDN. Three new plugins were added to support it:
- Easy Image,
- Cloud Services
- Image Base
- #1338: Keystroke labels are displayed for function keys (like F7, F8).
- #643: The File Browser plugin can now upload files using XHR requests. This allows for setting custom HTTP headers using the config.fileTools_requestHeaders configuration option.
- #1365: The File Browser plugin uses XHR requests by default.
- #1399: Added the possibility to set CKEDITOR.config.startupFocus as start or end to specify where the editor focus should be after the initialization.
- #1441: The Magic Line plugin line element can now be identified by the data-cke-magic-line="1" attribute.
Fixed Issues:
- #595: Fixed: Pasting does not work on mobile devices.
- #869: Fixed: Empty selection clears cached clipboard data in the editor.
- #1419: Fixed: The Widget Selection plugin selects the editor content with the Alt+A key combination on Windows.
- #1274: Fixed: Balloon Toolbar does not match a single selected image using the contextDefinition.cssSelector matcher.
- #1232: Fixed: Balloon Toolbar buttons should be registered as focusable elements.
- #1342: Fixed: Balloon Toolbar should be re-positioned after the change event.
- #1426: [IE8-9] Fixed: Missing Balloon Toolbar background in the Kama skin. Thanks to Christian Elmer!
- #1470: Fixed: Balloon Toolbar is not visible after drag and drop of a widget it is attached to.
- #1048: Fixed: Balloon Panel is not positioned properly when a margin is added to its non-static parent.
- #889: Fixed: Unclear error message for width and height fields in the Image and Enhanced Image plugins.
- #859: Fixed: Cannot edit a link after a double-click on the text in the link.
- #1013: Fixed: Paste from Word does not work correctly with the config.forcePasteAsPlainText option.
- #1356: Fixed: Border parse function does not allow spaces in the color value.
- #1010: Fixed: The CSS border shorthand property was incorrectly expanded ignoring the border-color style.
- #1535: Fixed: Widget mouseover border contrast is insufficient.
- #1516: Fixed: Fake selection allows removing content in read-only mode using the Backspace and Delete keys.
- #1570: Fixed: Fake selection allows cutting content in read-only mode using the Ctrl/Cmd + X keys.
- #1363: Fixed: Paste notification is unclear and it might confuse users.
API Changes:
- #1346: Balloon Toolbar context manager API is now available in the pluginDefinition.init() method of the requiring plugin.
- #1530: Added the possibility to use custom icons for buttons.
Other Changes:
- Updated SCAYT (Spell Check As You Type) and WebSpellChecker (WSC) plugins:
- SCAYT scayt_minWordLength configuration option now defaults to 3 instead of 4.
- SCAYT default number of suggested words in the context menu changed to 3.
- #90: Fixed: Selection is lost on link creation if SCAYT highlights the word.
- Fixed: SCAYT crashes when the browser localStorage is disabled.
- [IE11] Fixed: Unable to get property type of undefined or null reference error in the browser console when SCAYT is disabled/enabled.
- #46: Fixed: Editing is blocked when remote spell checker server is offline.
- Fixed: User Dictionary cannot be created in WSC due to You already have the dictionary error.
- Fixed: Words with apostrophe ' on the replacement make the WSC dialog inaccessible.
- Fixed: SCAYT/WSC causes the Uncaught TypeError error in the browser console.
- #1337: Updated the samples layout with the new CKEditor 4 logo and color scheme.
- #1591: CKBuilder and language tools are now downloaded over HTTPS. Thanks to August Detlefsen!
CKEditor 4.8
Important Notes:
- #1249: Enabled the Upload Image plugin by default in standard and full presets. Also, it will no longer log an error in case of missing config.imageUploadUrl property.
New Features:
- #933: Introduced Balloon Toolbar plugin.
- #662: Introduced image inlining for the Paste from Word plugin.
- #468: [Edge] Introduced support for the Clipboard API.
- #607: Manually inserted Hex color is prefixed with a hash character (#) if needed. It ensures a valid Hex color value is used when setting the table cell border or background color with the Color Dialog window.
- #584: Font size and Family and Format drop-downs are not toggleable anymore. Default option to reset styles added.
- #856: Introduced the CKEDITOR.tools.keystrokeToArray() method. It converts a keystroke into its string representation, returning every key name as a separate array element.
- #1053: Introduced the CKEDITOR.tools.object.merge() method. It allows to merge two objects, returning the new object with all properties from both objects deeply cloned.
- #1073: Introduced the CKEDITOR.tools.array.every() method. It invokes a given test function on every array element and returns true if all elements pass the test.
Fixed Issues:
- #796: Fixed: A list is pasted from OneNote in the reversed order.
- #834: [IE9-11] Fixed: The editor does not save the selected state of radio buttons inserted by the Form Elements plugin.
- #704: [Edge] Fixed: Using Ctrl/Cmd + Z breaks widget structure.
- #591: Fixed: A column is inserted in a wrong order inside the table if any cell has a vertical split.
- #787: Fixed: Using Cut inside a nested table does not cut the selected content.
- #842: Fixed: List style not restored when toggling list indent level in the Indent List plugin.
- #711: Fixed: Dragging widgets should only work with the left mouse button.
- #862: Fixed: The “Object Styles” group in the Styles Combo plugin is visible only if the whole element is selected.
- #994: Fixed: Typo in the CKEDITOR.focusManager.focus() API documentation. Thanks to benjy!
- #1014: Fixed: The Table Tools Cell Properties dialog is now Advanced Content Filter aware — it is not possible to change the cell width or height if corresponding styles are disabled.
- #877: Fixed: A list with custom bullets with exotic characters crashes the editor when pasted from Word.
- #605: Fixed: Inline widgets do not preserve trailing spaces.
- #1008: Fixed: Shorthand Hex colors from the config.colorButton_colors option are not correctly highlighted in the Color Button Text Color or Background Color panel.
- #1094: Fixed: Widget definition upcast methods are called for every element.
- #1057: Fixed: The Notification plugin overwrites Web Notifications API due to leakage to the global scope.
- #1068: Fixed: Upload widget paste listener ignores changes to the uploadWidgetDefinition.
- #921: Fixed: [Edge] CKEditor erroneously perceives internal copy and paste as type "external".
- #1213: Fixed: Multiple images uploaded using Upload Image plugin are randomly duplicated or mangled.
- #532: Fixed: Removed an outdated user guide link from the About dialog.
- #1221: Fixed: Invalid CSS loaded by Balloon Panel plugin when config.skin is loaded using a custom path.
- #522: Fixed: Widget selection is not removed when widget is inside table cell with Table Selection plugin enabled.
- #1027: Fixed: Cannot add multiple images to the table with Table Selection plugin in certain situations.
- #1069: Fixed: Wrong shape processing by Paste from Word plugin.
- #995: Fixed: Hyperlinked image gets inserted twice by Paste from Word plugin.
- #1287: Fixed: Widget plugin throws exception if included in editor build but not loaded into editor’s instance.
API Changes:
- #1097: Widget upcast methods are now called in the widget definition’s context.
- #1118: Added the show option in the balloonPanel.attach() method, allowing to attach a hidden Balloon Panel instance.
- #1145: Added the skipNotifications option to the CKEDITOR.fileTools.uploadWidgetDefinition, allowing to switch off default notifications displayed by upload widgets.
Other Changes:
- #815: Removed Node.js dependency from the CKEditor build script.
- #1041, #1131: Updated URLs pointing to CKSource and CKEditor resources after the launch of new websites.
CKEditor 4.7.3
New Features:
- #568: Added possibility to adjust nested editables’ filters using the CKEDITOR.filter.disallowedContent property.
Fixed Issues:
- #554: Fixed: change event not fired when typing the first character after pasting into the editor. Thanks to Daniel Miller!
- #566: Fixed: The CSS border shorthand property with zero width (border: 0px solid #000;) causes the table to have the border attribute set to 1.
- #779: Fixed: The Remove Format plugin removes elements with language definition inserted by the Language plugin.
- #423: Fixed: The Paste from Word plugin pastes paragraphs into the editor even if CKEDITOR.config.enterMode is set to CKEDITOR.ENTER_BR.
- #719: Fixed: Image inserted using the Enhanced Image plugin can be resized when the editor is in read-only mode.
- #577: Fixed: The “Delete Columns” command provided by the Table Tools plugin throws an error when trying to delete columns.
- #867: Fixed: Typing into a selected table throws an error.
- #817: Fixed: The Save plugin does not work in Source Mode.
Other Changes:
- Updated the WebSpellChecker plugin:
- #40: Fixed: IE10 throws an error when spell checking is started.
- #800: Added the CKEDITOR.dom.selection.isCollapsed() method which is a simpler way to check if the selection is collapsed.
- #830: Added an option to define which dialog tab should be shown by default when creating CKEDITOR.dialogCommand.
CKEditor 4.7.2
New Features:
- #455: Added Advanced Content Filter integration with the Justify plugin.
Fixed Issues:
- #663: [Chrome] Fixed: Clicking the scrollbar throws an Uncaught TypeError: element.is is not a function error.
- #694: Refactoring in the Table Selection plugin:
- #520: Fixed: Widgets cannot be properly pasted into a table cell.
- #460: Fixed: Editor gone after pasting into an editor within a table.
- #579: Fixed: Internal cke_table-faked-selection-table class is visible in the Stylesheet Classes field of the Table Properties dialog.
- #545: [Edge] Fixed: Error thrown when pressing the Select All button in Source Mode.
- #582: Fixed: Double slash in the path to stylesheet needed by the Table Selection plugin. Thanks to Marius Dumitru Florea!
- #491: Fixed: Unnecessary dependency on the Editor Toolbar plugin inside the Notification plugin.
- #646: Fixed: Error thrown into the browser console after opening the Styles Combo plugin menu in the editor without any selection.
- #501: Fixed: Double click does not open the dialog for modifying anchors inserted via the Link plugin.
- #9780: [IE8-9] Fixed: Clicking inside an empty read-only editor throws an error.
- #16820: [IE10] Fixed: Clicking below a single horizontal rule throws an error.
- #426: Fixed: The range.cloneContents() method selects the whole element when the selection starts at the beginning of that element.
- #644: Fixed: The range.extractContents() method returns an incorrect result when multiple nodes are selected.
- #684: Fixed: The elementPath.contains() method incorrectly excludes the last element instead of root when the fromTop parameter is set to true.
Other Changes:
- Updated the SCAYT (Spell Check As You Type) plugin:
- #148: Fixed: SCAYT leaves underlined word after the CKEditor Replace dialog corrects it.
- #751: Added the CKEDITOR.dom.nodeList.toArray() method which returns an array representation of a node list.
CKEditor 4.7.1
New Features:
- Added a new Mexican Spanish localization. Thanks to David Alexandro Rodriguez!
- #413: Added Paste as Plain Text keyboard shortcut to the Accessibility Help instructions.
Fixed Issues:
- #515: [Chrome] Fixed: Mouse actions on CKEditor scrollbar throw an exception when the Table Selection plugin is loaded.
- #493: Fixed: Selection started from a nested table causes an error in the browser while scrolling down.
- #415: [Firefox] Fixed: Enter key breaks the table structure when pressed in a table selection.
- #457: Fixed: Error thrown when deleting content from the editor with no selection.
- #478: [Chrome] Fixed: Error thrown by the Enter Key plugin when pressing Enter with no selection.
- #424: Fixed: Error thrown by Tab Key Handling and Indent List plugins when pressing Tab with no selection in inline editor.
- #476: Fixed: Anchors inserted with the Link plugin on collapsed selection cannot be edited.
- #417: Fixed: The Table Resize plugin throws an error when used with a table with only header or footer rows.
- #523: Fixed: The editor.getCommandKeystroke() method does not obtain the correct keystroke.
- #534: [IE] Fixed: Paste from Word does not work in Quirks Mode.
- #450: Fixed: CKEDITOR.filter incorrectly transforms the margin CSS property.
CKEditor 4.7
Important Notes:
- #13793: The embed_provider configuration option for the Media Embed and Semantic Media Embed plugins is no longer preset by default.
- The UI Color plugin now uses a custom color picker instead of the YUI 2.7.0 library which has some known vulnerabilities (it’s a security precaution, there was no security issue in CKEditor due to the way it was used).
New Features:
- #16755: Added the Table Selection plugin that lets you select and manipulate an arbitrary rectangular table fragment (a few cells, a row or a column).
- #16961: Added support for pasting from Microsoft Excel.
- #13381: Dynamic code evaluation call in CKEDITOR.template removed. CKEditor can now be used without the unsafe-eval Content Security Policy. Thanks to Caridy Patiño!
- #16971: Added support for color in the background property containing also other styles for table cells in the Table Tools plugin.
- #16847: Added support for parsing and inlining any formatting created using the Microsoft Word style system to the Paste from Word plugin.
- #16818: Added table cell height parsing in the Paste from Word plugin.
- #16850: Added a new config.enableContextMenu configuration option for enabling and disabling the context menu.
- #16937: The command parameter in CKEDITOR.editor.getCommandKeystroke() now also accepts a command name as an argument.
- #17010: The CKEDITOR.dom.range.shrink() method now allows for skipping bogus <br> elements.
Fixed Issues:
- #16935: [Chrome] Fixed: Blurring the editor in Source Mode throws an error.
- #16825: [Chrome] Fixed: Error thrown when destroying a focused inline editor.
- #16857: Fixed: Ctrl+Shift+V blocked by Copy Formatting.
- #16845: [IE] Fixed: Cursor jumps to the top of the scrolled editor after focusing it when the Copy Formatting plugin is enabled.
- #16786: Fixed: Added missing translations for the Copy Formatting plugin.
- #14714: [WebKit/Blink] Fixed: Exception thrown on refocusing a blurred inline editor.
- #16913: [Firefox, IE] Fixed: Paste as Plain Text keystroke does not work.
- #16968: Fixed: [Safari] Paste as Plain Text is not handled by the editor.
- #16912: Fixed: Exception thrown when a single image is pasted using Paste from Word.
- #16821: Fixed: Extraneous <span> elements with height style stacked when pasting from Word.
- #16866: [IE, Edge] Fixed: Whitespaces not preserved when pasting from Word.
- #16860: Fixed: Paragraphs which only look like lists incorrectly transformed into them when pasting from Word.
- #16817: Fixed: When pasting from Word, paragraphs are transformed into lists with some corrupted data.
- #16833: [IE11] Fixed: Malformed list with headers pasted from Word.
- #16826: [IE] Fixed: Superfluous paragraphs within lists pasted from Word.
- #12465: Fixed: Cannot change the state of checkboxes or radio buttons if the properties dialog was invoked with a double-click.
- #13062: Fixed: Impossible to unlink when the caret is at the edge of the link.
- #13585: Fixed: Error when wrapping two adjacent <div> elements with a <div>.
- #16811: Fixed: Table alignment is not preserved by the Paste from Word plugin.
- #16810: Fixed: Vertical align in tables is not supported by the Paste from Word plugin.
- #11956: [Blink, IE] Fixed: Link dialog does not open on a double click on the second word of the link with a background color or other styles.
- #10472: Fixed: Unable to use Table Resize on table header and footer.
- #14762: Fixed: Hovering over an empty table (without rows or cells) throws an error when the Table Resize plugin is active.
- #16777: [Edge] Fixed: The Clipboard plugin does not allow to drop widgets into the editor.
- #14894: [Chrome] Fixed: The editor scrolls to the top after focusing or when a dialog is opened.
- #14769: Fixed: URLs with '-' in host are not detected by the Auto Link plugin.
- #16804: Fixed: Focus is not on the first menu item when the user opens a context menu or a drop-down list from the editor toolbar.
- #14407: [IE] Fixed: Non-editable widgets can be edited.
- #16927: Fixed: An error thrown if a bundle containing the Color Button plugin is run in ES5 strict mode. Thanks to Igor Rubinovich!
- #16920: Fixed: Several plugins not using the Dialog plugin as a direct dependency.
- PR#336: Fixed: Typo in CKEDITOR.getCss() API documentation. Thanks to knusperpixel!
- #17027: Fixed: Command event data should be initialized as an empty object.
- Fixed the behavior of HTML parser when parsing src/srcdoc attributes of the <iframe> element in a CKEditor setup with ACF turned off and without the Iframe Dialog plugin. The issue was originally reported as a security issue by Sriramk21 from Pegasystems and was later downgraded by the security team into a normal issue due to the requirement of having ACF turned off. Disabling Advanced Content Filter is against security best practices, so the problem described above has not been considered a security issue as such.
Other Changes:
- Updated SCAYT (Spell Check As You Type) and WebSpellChecker plugins:
- Fixed: DOM Exception after clicking “Remove Language” on a selected word with enabled Language plugin in SCAYT.
- #16958: Switched the default MathJax CDN provider for the Mathematical Formulas plugin from cdn.mathjax.org to cdnjs, due to closing of cdn.mathjax.org scheduled for April 30, 2017.
- #16954: Removed the paste dialog.
- #16982: Latest Safari now supports enhanced Clipboard API introduced in CKEditor 4.5.0.
- #17025: Updated Bender.js to 0.4.2.
CKEditor 4.6.2
New Features:
- #16733: Added a new pastel color palette for the Color Button plugin and a new config.colorButton_colorsPerRow configuration option for setting the number of rows in the color selector.
- #16752: Added a new Azerbaijani localization. Thanks to the Azerbaijani language team!
- #13818: It is now possible to group Widget style definitions, so applying one style disables the other.
Fixed Issues:
- #13446: [Chrome] Fixed: It is possible to type in an unfocused inline editor.
- #14856: Fixed: Font size and font family reset each other when modified at certain positions.
- #16745: [Edge] Fixed: List items are lost when pasted from Word.
- #16682: [Edge] Fixed: A list gets pasted from Word as a set of paragraphs. Added the config.pasteFromWord_heuristicsEdgeList configuration option.
- #10373: Fixed: Context menu items can be dragged into the editor.
- #16728: [IE] Fixed: Copy Formatting breaks the editor in Quirks Mode.
- #16795: [IE] Fixed: Copy Formatting breaks the editor in Compatibility Mode.
- #16675: Fixed: Styles applied with Copy Formatting to a single table cell are applied to the whole table.
- #16753: Fixed: element.setSize() sets incorrect editor dimensions if the border width is represented as a fraction of pixels.
- #16705: [Firefox] Fixed: Unable to paste images as Base64 strings when using Clipboard.
- #14869: Fixed: JavaScript error is thrown when trying to use Find in a <div>-based editor.
CKEditor 4.6.1
New Features:
- #16639: The callback parameter in the CKEDITOR.ajax.post() method became optional.
Fixed Issues:
- #11064: [Blink, WebKit] Fixed: Cannot select all editor content when a widget or a non-editable element is the first or last element of the content. Also fixes this issue in the Select All plugin.
- #14755: [Blink, WebKit, IE8] Fixed: Browser hangs when a table is inserted in the place of a selected list with an empty last item.
- #16624: Fixed: Improved the Color Button plugin which will now normalize the CSS background property if it only contains a color value. This fixes missing background colors when using Paste from Word.
- #16600: [Blink, WebKit] Fixed: Error thrown occasionally by an uninitialized editable for multiple CKEditor instances on the same page.
CKEditor 4.6
New Features:
- #14569: Added a new, flat, default CKEditor skin called Moono-Lisa. Refreshed default colors available in the Color Button plugin (Text Color and Background Color feature).
- #14707: Added a new Copy Formatting feature to enable easy copying of styles between your document parts.
- Introduced the completely rewritten Paste from Word plugin:
- Backward incompatibility: The config.pasteFromWordRemoveFontStyles option now defaults to false. This option will be deprecated in the future. Use Advanced Content Filter to replicate the effect of setting it to true.
- Backward incompatibility: The config.pasteFromWordNumberedHeadingToList and config.pasteFromWordRemoveStyles options were dropped and no longer have any effect on pasted content.
- Major improvements in preservation of list numbering, styling and indentation (nested lists with multiple levels).
- Major improvements in document structure parsing that fix plenty of issues with distorted or missing content after paste.
- Added new translation: Occitan. Thanks to Cédric Valmary!
- #10015: Keyboard shortcuts (relevant to the operating system in use) will now be displayed in tooltips and context menus.
- #13794: The Upload Image feature now uses uploaded.width/height if set.
- #12541: Added the Upload File plugin that lets you upload a file by drag&dropping it into the editor content.
- #14449: Introduced the Balloon Panel plugin that lets you create stylish floating UI elements for the editor.
- #12077: Added support for the HTML5 download attribute in link (<a>) elements. Selecting the “Force Download” checkbox in the Link dialog will cause the linked file to be downloaded automatically. Thanks to sbusse!
- #13518: Introduced the additionalRequestParameters property for file uploads to make it possible to send additional information about the uploaded file to the server.
- #14889: Added the config.image2_altRequired option for the Enhanced Image plugin to allow making alternative text a mandatory field. Thanks to Andrey Fedoseev!
Fixed Issues:
- #9991: Fixed: Paste from Word should only normalize input data.
- #7209: Fixed: Lists with 3 levels not pasted from Word correctly.
- #14335: Fixed: Pasting a numbered list starting with a value different from “1” from Microsoft Word does not work correctly.
- #14542: Fixed: Copying a numbered list from Microsoft Word does not preserve list formatting.
- #14544: Fixed: Copying a nested list from Microsoft Word results in an empty list.
- #14660: Fixed: Pasting text from Word breaks the styling in some cases.
- #14867: [Firefox] Fixed: Text gets stripped when pasting content from Word.
- #2507: Fixed: Paste from Word does not detect pasting a part of a paragraph.
- #3336: Fixed: Extra blank row added on top of the content pasted from Word.
- #6115: Fixed: When Right-to-Left text direction is applied to a table pasted from Word, borders are missing on one side.
- #6342: Fixed: Paste from Word filters out a basic text style when it is configured to use attributes.
- #6457: [IE] Fixed: Pasting from Word is extremely slow.
- #6789: Fixed: The mso-list: ignore style is not handled properly when pasting from Word.
- #7262: Fixed: Lists in preformatted body disappear when pasting from Word.
- #7662: [Opera] Fixed: Extra empty number/bullet shown in the editor body when editing a multi-level list pasted from Word.
- #7807: Fixed: Last item in a list not converted to a <li> element after pasting from Word.
- #7950: [IE] Fixed: Content from Word pasted differently than in other browsers.
- #7982: Fixed: Multi-level lists get split into smaller ones when pasting from Word.
- #8231: [WebKit, Opera] Fixed: Paste from Word inserts empty paragraphs.
- #8266: Fixed: Paste from Word inserts a blank line at the top.
- #8341, #7646: Fixed: Faulty removal of empty <span> elements in Paste from Word content cleanup breaking content formatting.
- #8754: [Firefox] Fixed: Incorrect pasting of multiple nested lists in Paste from Word.
- #8983: Fixed: Alignment lost when pasting from Word with config.enterMode set to CKEDITOR.ENTER_BR.
- #9331: [IE] Fixed: Pasting text from Word creates a simple Caesar cipher.
- #9422: Fixed: Paste from Word leaves an unwanted color:windowtext style.
- #10011: [IE9-10] Fixed: config.pasteFromWordRemoveFontStyles is ignored under certain conditions.
- #10643: Fixed: Differences between using Ctrl+V and pasting from the Paste from Word dialog.
- #10784: Fixed: Lines missing when pasting from Word.
- #11294: [IE10] Fixed: Font size is not preserved when pasting from Word.
- #11627: Fixed: Missing words when pasting from Word.
- #12784: Fixed: Bulleted list with custom bullets gets changed to a numbered list when pasting from Word.
- #13174: Fixed: Data loss after pasting from Word.
- #13828: Fixed: Widget classes should be added to the wrapper rather than the widget element.
- #13829: Fixed: No class in Widget wrapper to identify the widget type.
- #13519: Server response received when uploading files should be more flexible.
Other Changes:
- Updated SCAYT (Spell Check As You Type) and WebSpellChecker plugins:
- Support for the new default Moono-Lisa skin.
- #121: Fixed: Basic Styles do not work when SCAYT is enabled.
- #125: Fixed: Inline styles are not continued when writing multiple lines of styled text with SCAYT enabled.
- #127: Fixed: Uncaught TypeError after enabling SCAYT in the CKEditor <div> element.
- #128: Fixed: Error thrown after enabling SCAYT caused by conflicts with RequireJS.
CKEditor 4.5.11
Security Updates:
[Severity: minor] Fixed the target="_blank" vulnerability reported by James Gaskell.
Issue summary: If a victim had access to a spoofed version of ckeditor.com via HTTP (e.g. due to DNS spoofing, using a hacked public network or mailicious hotspot), then when using a link to the ckeditor.com website it was possible for the attacker to change the current URL of the opening page, even if the opening page was protected with SSL.
An upgrade is recommended.
New Features:
- #14747: The Enhanced Image caption now supports the link target attribute.
- #7154: Added support for the “Display Text” field to the Link dialog. Thanks to Ryan Guill!
Fixed Issues:
- #13362: [Blink, WebKit] Fixed: Active widget element is not cached when it is losing focus and it is inside an editable element.
- #13755: [Edge] Fixed: Pasting images does not work.
- #13548: [IE] Fixed: Clicking the elements path disables Cut and Copy icons.
- #13812: Fixed: When aborting file upload the placeholder for image is left.
- #14659: [Blink] Fixed: Content scrolled to the top after closing the dialog in a <div>-based editor.
- #14825: [Edge] Fixed: Focusing the editor causes unwanted scrolling due to dropped support for the setActive() method.
CKEditor 4.5.10
Fixed Issues:
- #10750: Fixed: The editor does not escape the font-style family property correctly, removing quotes and whitespace from font names.
- #14413: Fixed: The Auto Grow plugin with the config.autoGrow_onStartup option set to true does not work properly for an editor that is not visible.
- #14451: Fixed: Numeric element ID not escaped properly. Thanks to Jakub Chalupa!
- #14590: Fixed: Additional line break appearing after inline elements when switching modes. Thanks to dpidcock!
- #14539: Fixed: JAWS reads “selected Blank” instead of "selected " when selecting a widget.
- #14701: Fixed: More precise labels for Enhanced Image and Placeholder widgets.
- #14667: [IE] Fixed: Removing background color from selected text removes background color from the whole paragraph.
- #14252: [IE] Fixed: Styles drop-down list does not always reflect the current style of the text line.
- #14275: [IE9+] Fixed: onerror and onload events are not used in browsers it could have been used when loading scripts dynamically.
CKEditor 4.5.9
Fixed Issues:
- #10685: Fixed: Unreadable toolbar icons after updating to the new editor version. Fixed with 6876179 in ckeditor4 and 6c9189f4 in ckeditor4-presets.
- #14573: Fixed: Missing Widget drag handler CSS when there are multiple editor instances.
- #14620: Fixed: Setting both the min-height style for the <body> element and the height style for the <html> element breaks the Auto Grow plugin.
- #14538: Fixed: Keyboard focus goes into an embedded <iframe> element.
- #14602: Fixed: The dom.element.removeAttribute() method does not remove all attributes if no parameter is given.
- #8679: Fixed: Better focus indication and ability to style the selected color in the color picker dialog.
- #11697: Fixed: Content is replaced ignoring the letter case setting in the Find and Replace dialog window.
- #13886: Fixed: Invalid handling of the CKEDITOR.style instance with the styles property by CKEDITOR.filter.
- #14535: Fixed: CSS syntax corrections. Thanks to mdjdenormandie!
CKEditor 4.5.8
New Features:
- #12440: Added the config.colorButton_enableAutomatic option to allow hiding the “Automatic” option in the color picker.
Fixed Issues:
- #10448: Fixed: Lack of scrollbar in the right-to-left text direction.
- #12707: Fixed: The order of table elements does not comply with the HTML specification.
- #13756: [Edge] Fixed: Context menus are cut-off.
CKEditor 4.5.7
New Features:
- #14327: Added Swiss German localization. Thanks to Miro Grenda!
Fixed Issues:
- #13816: Introduced a new strategy for Filling Character handling to avoid changes in DOM. This fixes the following issues:
- #12727: [Blink] IndexSizeError when using the Div Editing Area and Content Templates plugins.
- #13377: Widget plugin issue when typing in Korean.
- #13389: [Blink] editor.getData() fails when the cursor is next to an <hr> tag.
- #13513: [Blink, WebKit] Div Editing Area and editor.getData() throw an error when an image is the only data in the editor.
- #13884: [Firefox] Fixed: Copying and pasting a table results in just the first cell being pasted.
- #14234: Fixed: URL input field is not marked as required in the Media Embed dialog.
CKEditor 4.5.6
New Features:
- Introduced the CKEDITOR.tools.getCookie() and CKEDITOR.tools.setCookie() methods for accessing cookies.
- Introduced the CKEDITOR.tools.getCsrfToken() method. The CSRF token is now automatically sent by the File Browser and File Tools plugins during file uploads. The server-side upload handlers may check it and use it to additionally secure the communication.
Other Changes:
- Updated SCAYT (Spell Check As You Type):
- New features:
- CKEditor Language plugin support.
- CKEditor Placeholder plugin support.
- Drag&Drop support.
- Experimental GRAYT (Grammar As You Type) functionality.
- Fixed issues:
- #98: SCAYT affects dialog double-click. Fixed in SCAYT core.
- #102: SCAYT core performance enhancements.
- #104: SCAYT’s spans leak into the clipboard and after pasting.
- #105: A JavaScript error fired in case of multiple instances of CKEditor on one page.
- #107: SCAYT should not check non-editable parts of content.
- #108: Latest SCAYT copies the ID of the editor element to the iframe.
- SCAYT stops working when CKEditor Undo plugin not enabled.
- Issue with pasting SCAYT markup in CKEditor.
- SCAYT stops working after pressing the Cancel button in the WSC dialog.
- New features:
CKEditor 4.5.5
Fixed Issues:
- #13887: Fixed: Link plugin alters the target attribute value. Thanks to SamZiemer!
- #12189: Fixed: The Link plugin dialog does not display the subject of email links if the subject parameter is not lowercase.
- #9192: Fixed: An undefined string is appended to an email address added with the Link plugin if subject and email body are empty and config.emailProtection is set to encode.
- #13790: Fixed: It is not possible to destroy the editor <iframe> after the editor was detached from DOM. Thanks to Stefan Rijnhart!
- #13803: Fixed: The editor cannot be destroyed before being fully initialized. Thanks to Cyril Fluck!
- #13867: Fixed: CKEditor does not work when the classList polyfill is used.
- #13885: Fixed: Enhanced Image requires the Link plugin to link an image.
- #13883: Fixed: Copying a table using the context menu strips off styles.
- #13872: Fixed: Cutting is possible in the read-only mode.
- #12848: [Blink] Fixed: Opening the Find and Replace dialog window in the read-only mode throws an exception.
- #13879: Fixed: It is not possible to prevent the editor.drop event.
- #13361: Fixed: Skin images fail when the site path includes parentheses because the background-image path needs single quotes around the URL value.
- #13771: Fixed: The contents.css style is not used if the IFrame Editing Area plugin is missing.
- #13782: Fixed: Unclear log messages.
- #13919: [Edge] Fixed: Browser window crashes when accessing the isContentEditable property of an <input> DOM element.
Other Changes:
- #13859: Test cases created with bender.tools.createTestsForEditors will also receive editor bot as a second parameter.
CKEditor 4.5.4
New Features:
- #13632: Introduce error logging mechanism.
- #13730: Switch to the new error logging mechanism.
Fixed Issues:
- #9856: Fixed: Cannot use the native context menu together with the Div Editing Area plugin. Thanks to Mark Wade!
- #12733: [IE9+] Fixed: Radio button onChange does not work. Thanks to Iliya Kostadinov!
- #13142: [Edge] Fixed: Ctrl+A and then Backspace result in an empty <div> element.
- #13599: Fixed: Cross-editor drag and drop of an inline widget results in error/artifacts.
- #13640: [IE] Fixed: Dropping a widget outside the <body> element is not handled correctly.
- #13533: Fixed: No progress during upload.
- #13680: Fixed: The parser should allow the <h1-6> element to be a child of the <summary> element.
- #11724: [Touch devices] Fixed: Drop-downs often hide right after opening them.
- #13690: Fixed: Copying content from IE to Chrome adds an extra paragraph.
- #13284: Fixed: Cannot drag and drop a widget if the text caret is placed just after the widget instance.
- #13516: Fixed: CKEditor removes empty HTML5 anchors without the name attribute.
- #13765: [Safari 9] Fixed: Problems with rendering samples.
Other Changes:
- #11725: Marked CKEDITOR.env.mobile as deprecated. The reason is that it is no longer clear what “mobile” means.
- #13737: Upgraded Bender.js to 0.4.1.
CKEditor 4.5.3
New Features:
- #13501: Added the config.fileTools_defaultFileName option to allow setting a default file name for paste uploads.
- #13603: Added support for uploading dropped BMP images.
Fixed Issues:
- #13590: Fixed: Various issues related to the Paste from Word feature. Fixes also:
- #11215,
- #8780,
- #12762.
- #13386: [Edge] Fixed: Issues with selecting and editing images.
- #13568: Fixed: The editor.getSelectedHtml() method returns invalid results for entire content selection.
- #13453: Fixed: Drag&drop of entire editor content throws an error.
- #13465: Fixed: Error is thrown and the widget is lost on drag&drop if it is the only content of the editor.
- #13414: Fixed: Content auto paragraphing in a nested editable despite editor configuration.
- #13429: Fixed: Incorrect selection after content insertion by the Auto Embed plugin.
- #13388: Fixed: Table Resize integration with Undo is broken.
Other Changes:
- #13637: Several icons were refactored.
- Updated Bender.js to 0.3.0 and introduced the ability to run tests via HTTPs (#13265).
CKEditor 4.5.2
Fixed Issues:
- #13609: [Edge] Fixed: The browser crashes when switching to the source mode. Thanks to Andrew Williams and Mark Smeed!
- PR#201: Fixed: Buttons in the toolbar configurator cause form submission. Thanks to colemanw!
- #13422: Fixed: A monospaced font should be used in the <textarea> element storing editor configuration in the toolbar configurator.
- #13494: Fixed: Error thrown in the toolbar configurator if plugin requirements are not met.
- #13409: Fixed: List elements incorrectly merged when pressing Backspace or Delete.
- #13434: Fixed: Dialog state indicator broken in Right–To–Left environments.
- #13460: [IE8] Fixed: Copying inline widgets is broken when Advanced Content Filter is disabled.
- #13495: [Firefox, IE] Fixed: Text is not word-wrapped in the Paste dialog window.
- #13528: [Firefox@Windows] Fixed: Content copied from Microsoft Word and other external applications is pasted as a plain text. Removed the CKEDITOR.plugins.clipboard.isHtmlInExternalDataTransfer property as the check must be dynamic.
- #13583: Fixed: DataTransfer.getData() should work consistently in all browsers and should not strip valuable content. Fixed pasting tables from Microsoft Excel on Chrome.
- #13468: [IE] Fixed: Binding drag&drop dataTransfer does not work if text data was set in the meantime.
- #13451: [IE8-9] Fixed: One drag&drop operation may affect following ones.
- #13184: Fixed: Web page reloaded after a drop on editor UI.
- #13129 Fixed: Block widget blurred after a drop followed by an undo.
- #13397: Fixed: Drag&drop of a widget inside its nested widget crashes the editor.
- #13385: Fixed: editor.getSnapshot() may return a non-string value.
- #13419: Fixed: The Auto Link plugin does not encode double quotes in URLs.
- #13420: Fixed: The Auto Embed plugin ignores encoded characters in URL parameters.
- #13410: Fixed: Error thrown in the Auto Embed plugin when undoing right after pasting a link.
- #13566: Fixed: Suppressed notifications in the Media Embed Base plugin.
- #11616: [Chrome] Fixed: Resizing the editor while it is not displayed breaks the editable. Fixes also #9160 and #9715.
- #11376: [IE11] Fixed: Loss of text when pasting bulleted lists from Microsoft Word.
- #13143: [Edge] Fixed: Focus lost when opening the panel.
- #13387: [Edge] Fixed: “Permission denied” error thrown when loading the editor with developer tools open.
- #13574: [Edge] Fixed: “Permission denied” error thrown when opening editor dialog windows.
- #13441: [Edge] Fixed: The Clipboard plugin breaks the state of Undo commands after a paste.
- #13554: [Edge] Fixed: Paste dialog’s iframe does not receive focus on show.
- #13440: [Edge] Fixed: Unable to paste a widget.
Other Changes:
- #13421: UX improvements to notifications in the Auto Embed plugin.
CKEditor 4.5.1
Fixed Issues:
- #13486: Fixed: The Upload Image plugin should log an error, not throw an error when upload URL is not set.
CKEditor 4.5
New Features:
- #13304: Added support for passing DOM elements to config.sharedSpaces. Thanks to Undergrounder!
- #13215: Added ability to cancel fetching a resource by the Embed plugins.
- #13213: Added the dialog#setState() method and used it in the Embed dialog to indicate that a resource is being loaded.
- #13337: Added the repository.onWidget() method — a convenient way to listen to widget events through the repository.
- #13214: Added support for pasting links that convert into embeddable resources on the fly.
Fixed Issues:
- #13334: Fixed: Error after nesting widgets and playing with undo/redo.
- #13118: Fixed: The editor.getSelectedHtml() method throws an error when called in the source mode.
- #13158: Fixed: Error after canceling a dialog when creating a widget.
- #13197: Fixed: Linked inline Enhanced Image alignment class is not transferred to the widget wrapper.
- #13199: Fixed: Semantic Embed does not support widget classes.
- #13003: Fixed: Anchors are uploaded when moving them by drag and drop.
- #13032: Fixed: When upload is done, notification update should be marked as important.
- #13300: Fixed: The internalCommit argument in the Image dialog seems to be never used.
- #13036: Fixed: Notifications are moved 10px to the right.
- #13280: [IE8] Fixed: Undo after inline widget drag&drop throws an error.
- #13186: Fixed: Content dropped into a nested editable is not filtered by Advanced Content Filter.
- #13140: Fixed: Error thrown when dropping a block widget right after itself.
- #13176: [IE8] Fixed: Errors on drag&drop of embed widgets.
- #13015: Fixed: Dropping an image file on Enhanced Image causes a page reload.
- #13080: Fixed: Ugly notification shown when the response contains HTML content.
- #13011: [IE8] Fixed: Anchors are duplicated on drag&drop in specific locations.
- #13105: Fixed: Various issues related to CKEDITOR.tools.htmlEncode() and CKEDITOR.tools.htmlDecode() methods.
- #11976: [Chrome] Fixed: Copy&paste and drag&drop lists from Microsoft Word.
- #13128: Fixed: Various issues with cloning element IDs:
- Fixed the default behavior of range.cloneContents() and range.extractContents() methods which now clone IDs similarly to their native counterparts.
- Added cloneId arguments to the above methods, range.splitBlock() and element.breakParent(). Mind the default values and special behavior in the extractContents() method!
- Fixed issues where IDs were lost on copy&paste and drag&drop.
- Toolbar configurators:
- #13185: Fixed: Wrong position of the suggestion box if there is not enough space below the caret.
- #13138: Fixed: The “Toggle empty elements” button label is unclear.
- #13136: Fixed: Autocompleter is far too intrusive.
- #13133: Fixed: Tab leaves the editor.
- #13173: Fixed: config.removeButtons is ignored by the advanced toolbar configurator.
Other Changes:
- #13119: Improved compatibility of editor skins (Moono and Kama) with external web page style sheets.
- Toolbar configurators:
- #13147: Added buttons to the sticky toolbar.
- #13207: Used modal window to display toolbar configurator help.
- #13316: Made CKEDITOR.env.isCompatible a blacklist rather than a whitelist. More about the change in the Browser Compatibility guide.
- #13398: Renamed CKEDITOR.fileTools.UploadsRepository to CKEDITOR.fileTools.UploadRepository and changed all related properties.
- #13279: Reviewed CSS vendor prefixes.
- #13454: Removed unused lang.image.alertUrl token from the Image plugin.
CKEditor 4.5 Beta
New Features:
Clipboard (copy&paste, drag&drop) and file uploading features and improvements (#11437).
Major features:
- Support for dropping and pasting files into the editor was introduced. Through a set of new facades for native APIs it is now possible to easily intercept and process inserted files.
- File upload tools were introduced in order to simplify controlling the loading, uploading and handling server response, properly handle new upload configuration options, etc.
- Upload Image widget was introduced to upload dropped images. A base class for the upload widget was exposed, too, to make it simple to create new types of upload widgets which can handle any type of dropped file, show the upload progress and update the content when the process is done. It also handles editing and undo/redo operations when a file is being uploaded and integrates with the notification aggregator to show progress and success or error.
- All drag and drop operations were integrated with the editor. All dropped content is passed through the editor#paste event and a set of new editor events was introduced — dragstart, drop, dragend.
- The Data Transfer facade was introduced to unify access to data in various types and files. Data Transfer is now always available in the editor#paste event.
- Switched from the pastebin to using the native clipboard access whenever possible. This solved many issues related to pastebin such as unnecessary scrolling or data loss. Additionally, on copy and cut from the editor the clipboard data is set. Therefore, on paste the editor has access to clean data, undisturbed by the browsers.
- Drag and drop of inline and block widgets was integrated with the standard clipboard APIs. By listening to drag events you will thus be notified about widgets, too. This opens a possibility to filter pasted and dropped widgets.
- The editor#paste event can have the range parameter so it is possible to change the paste position in the listener or paste in the not selectable position. Also the editor.insertHtml() method now accepts range as an additional parameter.
- #11621: A configurable paste filter was introduced. The filter is by default turned to ‘semantic-content’ on Webkit and Blink for all pasted content coming from external sources because of the low quality of HTML that these engines put into the clipboard. Internal and cross-editor paste is safe due to the change explained in the previous point.
Other changes and related fixes:
- #12095: On drag and copy of widgets the same method is used to get selected HTML as in the normal case. Thanks to that styles applied to inline widgets are not lost.
- #11219: Fixed: Dragging a captioned image does not fire the editor#paste event.
- #9554: [Webkit Mac] Fixed: Editor scrolls on paste.
- #9898: [Webkit&Divarea] Fixed: Pasting causes undesirable scrolling.
- #11993: [Chrome] Fixed: Pasting content scrolls the document.
- #12613: Show the user that they can not drop on editor UI (toolbar, bottom bar).
- #12851: [Blink/Webkit] Fixed: Formatting disappears when pasting content into cells.
- #12914: Fixed: Copy/Paste of table broken in div-based editor.
Browser support.
Browser support for related features varies significantly (see http://caniuse.com/clipboard).- File APIs needed to operate and file upload is not supported in Internet Explorer 9 and below.
- Only Chrome and Safari on Mac OS support setting custom data items in the clipboard, so currently it is possible to recognize the origin of the copied content in these browsers only. All drag and drop operations can be identified thanks to the new Data Transfer facade.
- No Internet Explorer browser supports the standard clipboard API which results in small glitches like where only plain text can be dropped from outside the editor. Thanks to the new Data Transfer facade, internal and cross-editor drag and drop supports the full range of data.
- Direct access to clipboard could only be implemented in Chrome, Safari on Mac OS, Opera and Firefox. In other browsers the pastebin must still be used.
#12875: Samples and toolbar configuration tools.
- The old set of samples shipped with every CKEditor package was replaced with a shiny new single-page sample. This change concluded a long term plan which started from introducing the CKEditor SDK and CKEditor Features Overview section in the documentation which essentially redefined the old samples.
- Toolbar configurators with live previews were introduced. They will be shipped with every CKEditor package and are meant to help in configuring toolbar layouts.
#10925: The Media Embed and Semantic Media Embed plugins were introduced. Read more about the new features in the Embedding Content article.
#10931: Added support for nesting widgets. It is now possible to insert one widget into another widget’s nested editable. Note that unless nested editable’s allowed content is defined precisely, starting from CKEditor 4.5 some widget buttons may become enabled. This feature is not supported in IE8. Included issues:
- #12018: Fixed and reviewed: Nested widgets garbage collection.
- #12024: [Firefox] Fixed: Outline is extended to the left by unpositioned drag handlers.
- #12006: Fixed: Drag and drop of nested block widgets.
- #12008: Fixed various cases of inserting a single non-editable element using the editor.insertHtml() method. Fixes pasting a widget with a nested editable inside another widget’s nested editable.
Notification system:
- #11580: Introduced the notification system.
- #12810: Introduced a notification aggregator for the notification system which simplifies displaying progress of many concurrent tasks.
#11636: Introduced new, UX-focused, methods for getting selected HTML and deleting it — editor.getSelectedHtml() and editor.extractSelectedHtml().
#12416: Added the widget.definition.upcastPriority property which gives more control over widget upcasting order to the widget author.
#12036: Initialize the editor in read-only mode when the <textarea> element has a readonly attribute.
#11905: The resize event passes the current dimensions in its data.
#12126: Introduced config.image_prefillDimensions and config.image2_prefillDimensions to make pre-filling width and height configurable for the Enhanced Image.
#12746: Added a new configuration option to hide the Enhanced Image resizer.
#12150: Exposed the getNestedEditable() and is* widget helper functions (see the static methods).
#12448: Introduced the editable.insertHtmlIntoRange method.
#12143: Added the config.floatSpacePreferRight configuration option that switches the alignment of the floating toolbar. Thanks to InvisibleBacon!
#10986: Added support for changing dialog input and textarea text directions by using the Shift+Alt+Home/End keystrokes. The direction is stored in the value of the input by prepending the \u202A or \u202B marker to it. Read more in the documentation. Thanks to edithkk!
#12770: Added support for passing widget’s startup data as a widget command’s argument. Thanks to Rebrov Boris and Tieme van Veen!
#11583: Added support for the HTML5 required attribute in various form elements. Thanks to Steven Busse!
Changes:
- #12858: Basic Spartan browser compatibility. Full compatibility will be introduced later, because at the moment Spartan is still too unstable to be used for tests and we see many changes from version to version.
- #12948: The config.mathJaxLibrary option does not default to the MathJax CDN any more. It needs to be configured to enable the Mathematical Formulas plugin now.
- #13069: Fixed inconsistencies between editable.insertHtml() and editable.insertElement() when the range parameter is used. Now, the editor.insertElement() method works on a higher level, which means that it saves undo snapshots and sets the selection after insertion. Use the editable.insertElementIntoRange() method directly for the pre 4.5 behavior of editable.insertElement().
- #12870: Use editor.showNotification() instead of alert() directly whenever possible. When the Notification plugin is loaded, the notification system is used automatically. Otherwise, the native alert() is displayed.
- #8024: Swapped behavior of the Split Cell Vertically and Horizontally features of the Table Tools plugin to be more intuitive. Thanks to kevinisagit!
- #10903: Performance improvements for the dom.element.addClass(), dom.element.removeClass() and dom.element.hasClass() methods. Note: The previous implementation allowed passing multiple classes to addClass() although it was only a side effect of that implementation. The new implementation does not allow this.
- #11856: The jQuery adapter throws a meaningful error if CKEditor or jQuery are not loaded.
Fixed issues:
- #11586: Fixed: range.cloneContents() should not change the DOM in order not to affect selection.
- #12148: Fixed: dom.element.getChild() should not modify a passed array.
- #12503: [Blink/Webkit] Fixed: Incorrect result of Select All and Backspace or Delete.
- #13001: [Firefox] Fixed: The <br /> filler is placed in the wrong position by the range.fixBlock() method due to quirky Firefox behavior.
- #13101: [IE8] Fixed: Colons are prepended to HTML5 element names when cloning them.
CKEditor 4.4.8
Security Updates:
Fixed XSS vulnerability in the HTML parser reported by Dheeraj Joshi and Prem Kumar.
Issue summary: It was possible to execute XSS inside CKEditor after persuading the victim to: (i) switch CKEditor to source mode, then (ii) paste a specially crafted HTML code, prepared by the attacker, into the opened CKEditor source area, and (iii) switch back to WYSIWYG mode.
An upgrade is highly recommended!
Fixed Issues:
- #12899: Fixed: Corrected wrong tag ending for horizontal box definition in the Dialog User Interface plugin. Thanks to mizafish!
- #13254: Fixed: Cannot outdent block after indent when using the Div Editing Area plugin. Thanks to Jonathan Cottrill!
- #13268: Fixed: Documentation for CKEDITOR.dom.text is incorrect. Thanks to Ben Kiefer!
- #12739: Fixed: Link loses inline styles when edited without the Advanced Tab for Dialogs plugin. Thanks to Віталій Крутько!
- #13292: Fixed: Protection pattern does not work in attribute in self-closing elements with no space before />. Thanks to Віталій Крутько!
- PR#192: Fixed: Variable name typo in the Dialog User Interface plugin which caused CKEDITOR.ui.dialog.radio validation to not work. Thanks to Florian Ludwig!
- #13232: [Safari] Fixed: The element.appendText() method does not work properly for empty elements.
- #13233: Fixed: HTMLDataProcessor can process foo:href attributes.
- #12796: Fixed: The Indent List plugin unwraps parent <li> elements. Thanks to Andrew Stucki!
- #12885: Added missing editor.getData() parameter documentation.
- #11982: Fixed: Bullet added in a wrong position after the Enter key is pressed in a nested list.
- #13027: Fixed: Keyboard navigation in dialog windows with multiple tabs not following IBM CI 162 instructions or ARIA Authoring Practices.
- #12256: Fixed: Basic styles classes are lost when pasting from Microsoft Word if basic styles were configured to use classes.
- #12729: Fixed: Incorrect structure created when merging a block into a list item on Backspace and Delete.
- #13031: [Firefox] Fixed: No more line breaks in source view since Firefox 36.
- #13131: Fixed: The Code Snippet plugin cannot be used without the IFrame Editing Area plugin.
- #9086: Fixed: Invalid ARIA property used on paste area <iframe>.
- #13164: Fixed: Error when inserting a hidden field.
- #13155: Fixed: Incorrect Line Utilities positioning when <body> has a margin.
- #13351: Fixed: Link lost when editing a linked image with the Link tab disabled. This also fixed a bug when inserting an image into a fully selected link would throw an error (#12847).
- #13344: [WebKit/Blink] Fixed: It is possible to remove or change editor content in read-only mode.
Other Changes:
- #12844 and #13103: Upgraded the testing environment to Bender.js 0.2.3.
- #12930: Because of licensing issues, truncated-mathjax/ is now removed from the tests/ directory. Now bender.config.mathJaxLibPath must be configured manually in order to run Mathematical Formulas plugin tests.
- #13266: Added more shades of gray in the Color Dialog window. Thanks to mizafish!
CKEditor 4.4.7
Fixed Issues:
- #12825: Fixed: Preventing the Table Resize plugin from operating on elements outside the editor. Thanks to Paul Martin!
- #12157: Fixed: Lost text formatting on pressing Tab when the config.tabSpaces configuration option value was greater than zero.
- #12777: Fixed: The table-layout CSS property should be reset by skins. Thanks to vita10gy!
- #12812: Fixed: An uncaught security exception is thrown when Line Utilities are used in an inline editor loaded in a cross-domain iframe. Thanks to Vitaliy Zurian!
- #12735: Fixed: config.fillEmptyBlocks should only apply when outputting data.
- #10032: Fixed: Paste from Word filter is executed for every paste after using the button.
- #12597: [Blink/WebKit] Fixed: Multi-byte Japanese characters entry not working properly after Shift+Enter.
- #12387: Fixed: An error is thrown if a skin does not have the chameleon property defined and config.uiColor is defined.
- #12747: [IE8-10] Fixed: Opening a drop-down for a specific selection when the editor is maximized results in incorrect drop-down panel position.
- #12850: [IEQM] Fixed: An error is thrown after focusing the editor.
CKEditor 4.4.6
Security Updates:
Fixed XSS vulnerability in the HTML parser reported by Maco Cortes.
Issue summary: It was possible to execute XSS inside CKEditor after persuading the victim to: (i) switch CKEditor to source mode, then (ii) paste a specially crafted HTML code, prepared by the attacker, into the opened CKEditor source area, and (iii) switch back to WYSIWYG mode.
An upgrade is highly recommended!
New Features:
- #12501: Allowed dashes in element names in the string format of allowed content rules.
- #12550: Added the <main> element to the CKEDITOR.dtd.
Fixed Issues:
- #12506: [Safari] Fixed: Cannot paste into inline editor if the page has user-select: none style. Thanks to shaohua!
- #12683: Fixed: Filter fails to remove custom tags. Thanks to timselier!
- #12489 and #12491: Fixed: Various issues related to restoring the selection after performing operations on filler character. See the fixed cases.
- #12621: Fixed: Cannot remove inline styles (bold, italic, etc.) in empty lines.
- #12630: [Chrome] Fixed: Selection is placed outside the paragraph when the New Page button is clicked. This patch significantly simplified the way how the initial selection (a selection after the content of the editable is overwritten) is being fixed. That might have fixed many related scenarios in all browsers.
- #11647: Fixed: The editor.blur event is not fired on first blur after initializing the inline editor on an already focused element.
- #12601: Fixed: Strikethrough button tooltip spelling.
- #12546: Fixed: The Preview tab in the Document Properties dialog window is always disabled.
- #12300: Fixed: The editor.change event fired on first navigation key press after typing.
- #12141: Fixed: List items are lost when indenting a list item with content wrapped with a block element.
- #12515: Fixed: Cursor is in the wrong position when undoing after adding an image and typing some text.
- #12484: [Blink/WebKit] Fixed: DOM is changed outside the editor area in a certain case.
- #12688: Improved the tests of the styles system and fixed two minor issues.
- #12403: Fixed: Changing the font style should not lead to nesting it in the previous style element.
- #12609: Fixed: Incorrect config.magicline_putEverywhere name used for a Magic Line all-encompassing config.magicline_everywhere configuration option.
CKEditor 4.4.5
New Features:
- #12279: Added a possibility to pass a custom evaluator to node.getAscendant().
Fixed Issues:
- #12423: [Safari7.1+] Fixed: Enter key moved cursor to a strange position.
- #12381: [iOS] Fixed: Selection issue. Thanks to Remiremi!
- #10804: Fixed: CKEDITOR_GETURL is not used with some plugins where it should be used. Thanks to Thomas Andraschko!
- #9137: Fixed: The <base> tag is not created when <head> has an attribute. Thanks to naoki.fujikawa!
- #12377: Fixed: Errors thrown in the Image plugin when removing preview from the dialog window definition. Thanks to Axinet!
- #12162: Fixed: Auto paragraphing and Enter key in nested editables.
- #12315: Fixed: Marked config.autoParagraph as deprecated.
- #12113: Fixed: A code snippet should be presented in the elements path as “code snippet” (translatable).
- #12311: Fixed: Remove Format should also remove <cite> elements.
- #12261: Fixed: The filter is not destroyed and removed from CKEDITOR.filter.instances on editor destroy.
- #12398: Fixed: Maximize does not work on an instance without a title.
- #12097: Fixed: JAWS not reading the number of options correctly in the Text Color and Background Color button menu.
- #12411: Fixed: Page Break used directly in the editable breaks the editor.
- #12354: Fixed: Various issues in undo manager when holding keys.
- #12324: [IE8] Fixed: Undo steps are not recorded when changing the caret position by clicking below the body.
- #12332: Fixed: Lowered DOM events listeners’ priorities in undo manager in order to avoid ambiguity.
- #12402: [Blink] Fixed: Workaround for Blink bug with document.title which breaks updating title in the full HTML mode.
- #12338: Fixed: The CKEditor package contains unoptimized images.
CKEditor 4.4.4
Fixed Issues:
- #12268: Cleanup of UI Color YUI styles. Thanks to CasherWest!
- #12263: Fixed: Paste from Word filter does not properly normalize semicolons style text. Thanks to Alin Purcaru!
- #12243: Fixed: Text formatting lost when pasting from Word. Thanks to Alin Purcaru!
- #111739: Fixed: keypress listeners should not be used in the undo manager. A complete rewrite of keyboard handling in the undo manager was made. Numerous smaller issues were fixed, among others:
- #10926: [Chrome@Android] Fixed: Typing does not record snapshots and does not fire the editor.change event.
- #11611: [Firefox] Fixed: The editor.change event is fired when pressing Arrow keys.
- #12219: [Safari] Fixed: Some modifications of the UndoManager.locked property violate strict mode in the Undo plugin.
- #10916: Fixed: Magic Line icon in Right-To-Left environments.
- #11970: [IE] Fixed: CKEditor paste event is not fired when pasting with Shift+Ins.
- #12111: Fixed: Linked image attributes are not read when opening the image dialog window by doubleclicking.
- #10030: [IE] Fixed: Prevented “Unspecified Error” thrown in various cases when IE8-9 does not allow access to document.activeElement.
- #12273: Fixed: Applying block style in a description list breaks it.
- #12218: Fixed: Minor syntax issue in CSS files.
- #12178: [Blink/WebKit] Fixed: Iterator does not return the block if the selection is located at the end of it.
- #12185: [IE9QM] Fixed: Error thrown when moving the mouse over focused editor’s scrollbar.
- #12215: Fixed: Basepath resolution does not recognize semicolon as a query separator.
- #12135: Fixed: Remove Format does not work on widgets.
- #12298: [IE11] Fixed: Clicking below <body> in Compatibility Mode will no longer reset selection to the first line.
- #12204: Fixed: Editor’s voice label is not affected by config.title.
- #11915: Fixed: With SCAYT enabled, cursor moves to the beginning of the first highlighted, misspelled word after typing or pasting into the editor.
- SCAYT: Fixed: Error thrown in the console after enabling SCAYT and trying to add a new image.
Other Changes:
- #12296: Merged benderjs-ckeditor into the main CKEditor repository.
CKEditor 4.4.3
Security Updates:
- Fixed XSS vulnerability in the Preview plugin reported by Mario Heiderich of Cure53.
An upgrade is highly recommended!
New Features:
- #12164: Added the “Justify” option to the “Horizontal Alignment” drop-down in the Table Cell Properties dialog window.
Fixed Issues:
- #12110: Fixed: Editor crash after deleting a table. Thanks to Alin Purcaru!
- #11897: Fixed: Enter key used in an empty list item creates a new line instead of breaking the list. Thanks to noam-si!
- #12140: Fixed: Double-clicking linked widgets opens two dialog windows.
- #12132: Fixed: Image is inserted with width and height styles even when they are not allowed.
- #9317: [IE] Fixed: config.disableObjectResizing does not work on IE. Note: We were not able to fix this issue on IE11+ because necessary events stopped working. See a last resort workaround and make sure to support our complaint to Microsoft.
- #9638: Fixed: There should be no information about accessibility help available under the Alt+0 keyboard shortcut if the Accessibility Help plugin is not available.
- #8117 and #9186: Fixed: In HTML5 <meta> tags should be allowed everywhere, including inside the <body> element.
- #10422: Fixed: config.fillEmptyBlocks not working properly if a function is specified.
CKEditor 4.4.2
Important Notes:
- The CKEditor testing environment is now publicly available. Read more about how to set up the environment and execute tests in the CKEditor Testing Environment guide. Please note that the tests/ directory which contains editor tests is not available in release packages. It can only be found in the development version of CKEditor on GitHub.
New Features:
- #11909: Introduced a parameter to prevent the editor.setData() method from recording undo snapshots.
Fixed Issues:
- #11757: Fixed: Imperfections in the Moono skin. Thanks to danyaPostfactum!
- #10091: Blockquote should be treated like an object by the styles system. Thanks to dan-james-deeson!
- #11478: Fixed: Issue with passing jQuery objects to adapter configuration.
- #10867: Fixed: Issue with setting encoded URI as image link.
- #11983: Fixed: Clicking a nested widget does not focus it. Additionally, performance of the widget.repository.getByElement() method was improved.
- #12000: Fixed: Nested widgets should be initialized on editor.setData() and nestedEditable.setData().
- #12022: Fixed: Outer widget’s drag handler is not created at all if it has any nested widgets inside.
- #11960: [Blink/WebKit] Fixed: The caret should be scrolled into view on Backspace and Delete (covers only the merging blocks case).
- #11306: [OSX][Blink/WebKit] Fixed: No widget entries in the context menu on widget right-click.
- #11957: Fixed: Alignment labels in the Enhanced Image dialog window are not translated.
- #11980: [Blink/WebKit] Fixed: <span> elements created when joining adjacent elements (non-collapsed selection).
- #12009: [Nested widgets] Integration with the Magic Line plugin.
- #11387: Fixed: role="radiogroup" should be applied only to radio inputs’ container.
- #7975: [IE8] Fixed: Errors when trying to select an empty table cell.
- #11947: [Firefox+IE11] Fixed: Shift+Enter in lists produces two line breaks.
- #11972: Fixed: Feature detection in the element.setText() method should not trigger the layout engine.
- #7634: Fixed: The Flash Dialog plugin omits the allowFullScreen parameter in the editor data if set to true.
- #11910: Fixed: Enhanced Image does not take config.baseHref into account when updating image dimensions.
- #11753: Fixed: Wrong checkDirty() method value after focusing or blurring a widget.
- #11830: Fixed: Impossible to pass some arguments to CKBuilder when using the /dev/builder/build.sh script.
- #11945: Fixed: Form Elements plugin should not change a core method.
- #11384: [IE9+] Fixed: IndexSizeError thrown when pasting into a non-empty selection anchored in one text node.
CKEditor 4.4.1
New Features:
- #9661: Added the option to configure anchor tags with JavaScript code in the href attribute.
Fixed Issues:
- #11861: [WebKit/Blink] Fixed: Span elements created while joining adjacent elements. Note: This patch only covers cases when Backspace or Delete is pressed on a collapsed (empty) selection. The remaining case, with a non-empty selection, will be fixed in the next release.
- #10714: [iOS] Fixed: Selection and drop-downs are broken if a touch event listener is used due to a WebKit bug. Thanks to Arty Gus!
- #11911: Fixed setting the dir attribute for a preloaded language in CKEDITOR.lang. Thanks to Akash Mohapatra!
- #11926: Fixed: Code Snippet does not decode HTML entities when loading code from the <code> element.
- #11223: Fixed: Issue when Protected Source was not working in the <title> element.
- #11859: Fixed: Removed the Source Dialog plugin dependency from the Code Snippet sample.
- #11754: [Chrome] Fixed: Infinite loop when content includes not closed attributes.
- #11848: [IE] Fixed: editor.insertElement() throwing an exception when there was no selection in the editor.
- #11801: Fixed: Editor anchors unavailable when linking the Enhanced Image widget.
- #11626: Fixed: Table Resize sets invalid column width.
- #11872: Made element.addClass() chainable symmetrically to element.removeClass().
- #11813: Fixed: Link lost while pasting a captioned image and restoring an undo snapshot (Enhanced Image).
- #11814: Fixed: Link and Unlink entries persistently displayed in the Enhanced Image context menu.
- #11839: [IE9] Fixed: The caret jumps out of the editable area when resizing the editor in the source mode.
- #11822: [WebKit] Fixed: Editing anchors by double-click is broken in some cases.
- #11823: [IE8] Fixed: Table Resize throws an error over scrollbar.
- #11788: Fixed: It is not possible to change the language back to Not set in the Code Snippet dialog window.
- #11788: Fixed: Filter rules are not applied inside elements with the contenteditable attribute set to true.
- #11798: Fixed: Inserting a non-editable element inside a table cell breaks the table.
- #11793: Fixed: Drop-down is not “on” when clicking it while the editor is blurred.
- #11850: Fixed: Fake objects with the contenteditable attribute set to false are not downcasted properly.
- #11811: Fixed: Widget’s data is not encoded correctly when passed to an attribute.
- #11777: Fixed encoding ampersand in the Mathematical Formulas plugin.
- #11880: [IE8-9] Fixed: Linked image has a default thick border.
Other Changes:
- #11807: Updated jQuery version used in the sample to 1.11.0 and tested CKEditor jQuery Adapter with version 1.11.0 and 2.1.0.
- #9504: Stopped using deprecated attribute.specified in all browsers except Internet Explorer.
- #11809: Changed tab size in <pre> to 4 spaces.
CKEditor 4.4
Important Notes:
- Marked the editor.beforePaste event as deprecated.
- The default class of captioned images has changed to image (was: caption). Please note that once edited in CKEditor 4.4+, all existing images of the caption class (<figure class="caption">) will be filtered out unless the config.image2_captionedClass option is set to caption. For backward compatibility (i.e. when upgrading), it is highly recommended to use this setting, which also helps prevent CSS conflicts, etc. This does not apply to new CKEditor integrations.
- Widgets without defined buttons are no longer registered automatically to the Advanced Content Filter. Before CKEditor 4.4 widgets were registered to the ACF which was an incorrect behavior (#11567). This change should not have any impact on standard scenarios, but if your button does not execute the widget command, you need to set allowedContent and requiredContent properties for it manually, because the editor will not be able to find them.
- The Show Borders plugin was added to the Standard installation package in order to ensure that unstyled tables are still visible for the user (#11665).
- Since CKEditor 4.4 the editor instance should be passed to CKEDITOR.style methods to ensure full compatibility with other features (e.g. applying styles to widgets requires that). We ensured backward compatibility though, so the CKEDITOR.style will work even when the editor instance is not provided.
New Features:
- #11297: Styles can now be applied to widgets. The definition of a style which can be applied to a specific widget must contain two additional properties — type and widget. Read more in the Widget Styles section of the “Syles Drop-down” guide. Note that by default, widgets support only classes and no other attributes or styles. Related changes and features:
- Introduced the CKEDITOR.style.addCustomHandler() method for registering custom style handlers.
- The CKEDITOR.style.apply() and CKEDITOR.style.remove() methods are now called with an editor instance instead of the document so they can be reused by the CKEDITOR.editor.applyStyle() and CKEDITOR.editor.removeStyle() methods. Backward compatibility was preserved, but from CKEditor 4.4 it is highly recommended to pass an editor instead of a document to these methods.
- Many new methods and properties were introduced in the Widget API to make the handling of styles by widgets fully customizable. See: widget.definition.styleableElements, widget.definition.styleToAllowedContentRule, widget.addClass(), widget.removeClass(), widget.getClasses(), widget.hasClass(), widget.applyStyle(), widget.removeStyle(), widget.checkStyleActive().
- Integration with the Allowed Content Filter required an introduction of the CKEDITOR.style.toAllowedContent() method which can be implemented by the custom style handler and if exists, it is used by the CKEDITOR.filter to translate a style to allowed content rules.
- #11300: Various changes in the Enhanced Image plugin:
- Introduced the config.image2_captionedClass option to configure the class of captioned images.
- Introduced the config.image2_alignClasses option to configure the way images are aligned with CSS classes. If this setting is defined, the editor produces classes instead of inline styles for aligned images.
- Default image caption can be translated (customized) with the editor.lang.image2.captionPlaceholder string.
- #11341: Enhanced Image plugin: It is now possible to add a link to any image type.
- #10202: Introduced wildcard support in the Allowed Content Rules format.
- #10276: Introduced blacklisting in the Allowed Content Filter.
- #10480: Introduced code snippets with code highlighting. There are two versions available so far — the default Code Snippet which uses the highlight.js library and the Code Snippet GeSHi which uses the GeSHi library.
- #11737: Introduced an option to prevent filtering of an element that matches custom criteria (see filter.addElementCallback()).
- #11532: Introduced the editor.addContentsCss() method that can be used for adding custom CSS files.
- #11536: Added the CKEDITOR.tools.htmlDecode() method for decoding HTML entities.
- #11225: Introduced the CKEDITOR.tools.transparentImageData property which contains transparent image data to be used in CSS or as image source.
Other Changes:
- #11377: Unified internal representation of empty anchors using the fake objects.
- #11422: Removed Firefox 3.x, Internet Explorer 6 and Opera 12.x leftovers in code.
- #5217: Setting data (including switching between modes) creates a new undo snapshot. Besides that:
- Introduced the editable.status property.
- Introduced a new forceUpdate option for the editor.lockSnapshot event.
- Fixed: Selection not being unlocked in inline editor after setting data (#11500).
- The WebSpellChecker plugin was updated to the latest version.
Fixed Issues:
- #10190: Fixed: Removing block style with editor.removeStyle() should result in a paragraph and not a div.
- #11727: Fixed: The editor tries to select a non-editable image which was clicked.
CKEditor 4.3.5
New Features:
- Added new translation: Tatar.
Fixed Issues:
- #11677: Fixed: Undo/Redo keystrokes are blocked in the source mode.
- #11717: Document Properties plugin requires the Color Dialog plugin to work.
CKEditor 4.3.4
Fixed Issues:
- #11597: [IE11] Fixed: Error thrown when trying to open the preview using the keyboard.
- #11544: Placeholders will no longer be upcasted in parents not accepting <span> elements.
- #8663: Fixed element.renameNode() not clearing the element.getName() cache.
- #11574: Fixed: Backspace destroying the DOM structure if an inline editable is placed in a list item.
- #11603: Fixed: Table Resize attaches to tables outside the editable.
- #9205, #7805, #8216: Fixed: {cke_protected_1} appearing in data in various cases where HTML comments are placed next to " or '.
- #11635: Fixed: Some attributes are not protected before the content is passed through the fix bin.
- #11660: [IE] Fixed: Table content is lost when some extra markup is inside the table.
- #11641: Fixed: Switching between modes in the classic editor removes content styles for the inline editor.
- #11568: Fixed: Styles drop-down list is not enabled on selection change.
CKEditor 4.3.3
Fixed Issues:
- #11500: [WebKit/Blink] Fixed: Selection lost when setting data in another inline editor. Additionally, selection.removeAllRanges() is now scoped to selection’s root.
- #11104: [IE] Fixed: Various issues with scrolling and selection when focusing widgets.
- #11487: Moving mouse over the Enhanced Image widget will no longer change the value returned by the editor.checkDirty() method.
- #8673: [WebKit] Fixed: Cannot select and remove the Page Break.
- #11413: Fixed: Incorrect editor.execCommand() behavior.
- #11438: Splitting table cells vertically is no longer changing table structure.
- #8899: Fixed: Links in the About CKEditor dialog window now open in a new browser window or tab.
- #11490: Fixed: Menu button panel not showing in the source mode.
- #11417: The widget.doubleclick event is not canceled anymore after editing was triggered.
- #11253: [IE] Fixed: Clipped upload button in the Enhanced Image dialog window.
- #11359: Standardized the way anchors are discovered by the Link plugin.
- #11058: [IE8] Fixed: Error when deleting a table row.
- #11508: Fixed: htmlDataProcessor discovering protected attributes within other attributes’ values.
- #11533: Widgets: Avoid recurring upcasts if the DOM structure was modified during an upcast.
- #11400: Fixed: The domObject.removeAllListeners() method does not remove custom listeners completely.
- #11493: Fixed: The selection.getRanges() method does not override cached ranges when used with the onlyEditables argument.
- #11390: [IE] All XML plugin methods now work in IE10+.
- #11542: [IE11] Fixed: Blurry toolbar icons when Right-to-Left UI language is set.
- #11504: Fixed: When config.fullPage is set to true, entities are not encoded in editor output.
- #11004: Integrated Enhanced Image dialog window with Advanced Content Filter.
- #11439: Fixed: Properties get cloned in the Cell Properties dialog window if multiple cells are selected.
CKEditor 4.3.2
Fixed Issues:
- #11331: A menu button will have a changed label when selected instead of using the aria-pressed attribute.
- #11177: Widget drag handler improvements:
- #11176: Fixed: Initial position is not updated when the widget data object is empty.
- #11001: Fixed: Multiple synchronous layout recalculations are caused by initial drag handler positioning causing performance issues.
- #11161: Fixed: Drag handler is not repositioned in various situations.
- #11281: Fixed: Drag handler and mask are duplicated after widget reinitialization.
- #11207: [Firefox] Fixed: Misplaced Enhanced Image resizer in the inline editor.
- #11102: CKEDITOR.template improvements:
- #11102: Added newline character support.
- #11216: Added “\’” substring support.
- #11121: [Firefox] Fixed: High Contrast mode is enabled when the editor is loaded in a hidden iframe.
- #11350: The default value of config.contentsCss is affected by CKEDITOR.getUrl().
- #11097: Improved the Autogrow plugin performance when dealing with very big tables.
- #11290: Removed redundant code in the Source Dialog plugin.
- #11133: Page Break becomes editable if pasted.
- #11126: Fixed: Native Undo executed once the bottom of the snapshot stack is reached.
- #11131: Div Editing Area: Fixed: Error thrown when switching to source mode if the selection was in widget’s nested editable.
- #11139: Div Editing Area: Fixed: Elements Path is not cleared after switching to source mode.
- #10778: Fixed a bug with range enlargement. The range no longer expands to visible whitespace.
- #11146: [IE] Fixed: Preview window switches Internet Explorer to Quirks Mode.
- #10762: [IE] Fixed: JavaScript code displayed in preview window’s URL bar.
- #11186: Introduced the widgets.repository.addUpcastCallback() method that allows to block upcasting given element to a widget.
- #11307: Fixed: Paste as Plain Text conflict with the MooTools library.
- #11140: [IE11] Fixed: Anchors are not draggable.
- #11379: Changed default contents line-height to unitless values to avoid huge text overlapping (like in #9696).
- #10787: [Firefox] Fixed: Broken replacement of text while pasting into div-based editor.
- #10884: Widgets integration with the Show Blocks plugin.
- #11021: Fixed: An error thrown when selecting entire editable contents while fake selection is on.
- #11086: [IE8] Re-enable inline widgets drag&drop in Internet Explorer 8.
- #11372: Widgets: Special characters encoded twice in nested editables.
- #10068: Fixed: Support for protocol-relative URLs.
- #11283: Enhanced Image: A <div> element with text-align: center and an image inside is not recognised correctly.
- #11196: Accessibility Instructions: Allowed additional keyboard button labels to be translated in the dialog window.
CKEditor 4.3.1
Important Notes:
- To match the naming convention, the language button is now Language (#11201).
- Enhanced Image button, context menu, command, and icon names match those of the Image plugin (#11222).
Fixed Issues:
- #11244: Changed: The widget.repository.checkWidgets() method now fires the widget.repository.checkWidgets event, so from CKEditor 4.3.1 it is preferred to use the method rather than fire the event.
- #11171: Fixed: editor.insertElement() and editor.insertText() methods do not call the widget.repository.checkWidgets() method.
- #11085: [IE8] Replaced preview generated by the Mathematical Formulas widget with a placeholder.
- #11044: Enhanced WAI-ARIA support for the Language plugin drop-down menu.
- #11075: With drop-down menu button focused, pressing the Down Arrow key will now open the menu and focus its first option.
- #11165: Fixed: The File Browser plugin cannot be removed from the editor.
- #11159: [IE9-10] Enhanced Image: Fixed buggy discovery of image dimensions.
- #11101: Drop-down lists no longer break when given double quotes.
- #11077: Enhanced Image: Empty undo step recorded when resizing the image.
- #10853: Enhanced Image: Widget has paragraph wrapper when de-captioning unaligned image.
- #11198: Widgets: Drag handler is not fully visible when an inline widget is in a heading.
- #11132: [Firefox] Fixed: Caret is lost after drag and drop of an inline widget.
- #11182: [IE10-11] Fixed: Editor crashes (IE11) or works with minor issues (IE10) if a page is loaded in Quirks Mode. See env.quirks for more details.
- #11204: Added figure and figcaption styles to the contents.css file so Enhanced Image looks nicer.
- #11202: Fixed: No newline in BBCode mode.
- #10890: Fixed: Error thrown when pressing the Delete key in a list item.
- #10055: [IE8-10] Fixed: Delete pressed on a selected image causes the browser to go back.
- #11183: Fixed: Inserting a horizontal rule or a table in multiple row selection causes a browser crash. Additionally, the editor.insertElement() method does not insert the element into every range of a selection any more.
- #11042: Fixed: Selection made on an element containing a non-editable element was not auto faked.
- #11125: Fixed: Keyboard navigation through menu and drop-down items will now cycle.
- #11011: Fixed: The editor.applyStyle() method removes attributes from nested elements.
- #11179: Fixed: editor.destroy() does not cleanup content generated by the Table Resize plugin for inline editors.
- #11237: Fixed: Table border attribute value is deleted when pasting content from Microsoft Word.
- #11250: Fixed: HTML entities inside the <textarea> element are not encoded.
- #11260: Fixed: Initially disabled buttons are not read by JAWS as disabled.
- #11200: Added Clipboard plugin as a dependency for Widget to fix drag and drop.
CKEditor 4.3
New Features:
- #10612: Internet Explorer 11 support.
- #10869: Widgets: Added better integration with the Elements Path plugin.
- #10886: Widgets: Added tooltip to the drag handle.
- #10933: Widgets: Introduced drag and drop of block widgets with the Line Utilities plugin.
- #10936: Widget System changes for easier integration with other dialog systems.
- #10895: Enhanced Image: Added file browser integration.
- #11002: Added the draggable option to disable drag and drop support for widgets.
- #10937: Mathematical Formulas widget improvements:
- loading indicator (#10948),
- applying paragraph changes (like font color change) to iframe (#10841),
- Firefox and IE9 clipboard fixes (#10857),
- fixing same origin policy issue (#10840),
- fixing undo bugs (#10842, #10930),
- fixing other minor bugs.
- #10862: Placeholder plugin was rewritten as a widget.
- #10822: Added styles system integration with non-editable elements (for example widgets) and their nested editables. Styles cannot change non-editable content and are applied in nested editable only if allowed by its type and content filter.
- #10856: Menu buttons will now toggle the visibility of their panels when clicked multiple times. Language plugin fixes: Added active language highlighting, added an option to remove the language.
- #10028: New config.dialog_noConfirmCancel configuration option that eliminates the need to confirm closing of a dialog window when the user changed any of its fields.
- #10848: Integrate remaining plugins (Styles, Format, Font, Color Button, Language and Indent) with active filter.
- #10855: Change the extension of emoticons in the BBCode sample from GIF to PNG.
Fixed Issues:
- #10831: Enhanced Image: Merged image2inline and image2block into one image2 widget.
- #10835: Enhanced Image: Improved visibility of the resize handle.
- #10836: Enhanced Image: Preserve custom mouse cursor while resizing the image.
- #10939: [Firefox] Enhanced Image: hovering the image causes it to change.
- #10866: Fixed: Broken Tab key navigation in the Enhanced Image dialog window.
- #10833: Fixed: Lock ratio option should be on by default in the Enhanced Image dialog window.
- #10881: Various improvements to Enter key behavior in nested editables.
- #10879: Remove Format should not leak from a nested editable.
- #10877: Fixed: WebSpellChecker fails to apply changes if a nested editable was focused.
- #10877: Fixed: SCAYT blocks typing in nested editables.
- #11079: Add button icons to the Placeholder sample.
- #10870: The paste command is no longer being disabled when the clipboard is empty.
- #10854: Fixed: Firefox prepends <br> to <body>, so it is stripped by the HTML data processor.
- #10823: Fixed: Link plugin does not work with non-editable content.
- #10828: Magic Line integration with the Widget System.
- #10865: Improved hiding copybin, so copying widgets works smoothly.
- #11066: Widget’s private parts use CSS reset.
- #11027: Fixed: Block commands break on widgets; added the contentDomInvalidated event.
- #10430: Resolve dependence of the Image plugin on the Form Elements plugin.
- #10911: Fixed: Browser Alt hotkeys will no longer be blocked while a widget is focused.
- #11082: Fixed: Selected widget is not copied or cut when using toolbar buttons or context menu.
- #11083: Fixed list and div element application to block widgets.
- #10887: Internet Explorer 8 compatibility issues related to the Widget System.
- #11074: Temporarily disabled inline widget drag and drop, because of seriously buggy native range#moveToPoint method.
- #11098: Fixed: Wrong selection position after undoing widget drag and drop.
- #11110: Fixed: IFrame and Flash objects are being incorrectly pasted in certain conditions.
- #11129: Page break is lost when loading data.
- #11123: [Firefox] Widget is destroyed after being dragged outside of <body>.
- #11124: Fixed the Elements Path in an editor using the Div Editing Area.
CKEditor 4.3 Beta
New Features:
- #9764: Widget System.
- Widget plugin introducing the Widget API.
- New editor.enterMode and editor.shiftEnterMode properties – normalized versions of config.enterMode and config.shiftEnterMode.
- Dynamic editor settings. Starting from CKEditor 4.3 Beta, Enter mode values and content filter instances may be changed dynamically (for example when the caret was placed in an element in which editor features should be adjusted). When you are implementing a new editor feature, you should base its behavior on dynamic or static Enter mode values depending on whether this feature works in selection context or globally on editor content.
- Dynamic Enter mode values – editor.setActiveEnterMode() method, editor.activeEnterModeChange event, and two properties: editor.activeEnterMode and editor.activeShiftEnterMode.
- Dynamic content filter instances – editor.setActiveFilter() method, editor.activeFilterChange event, and editor.activeFilter property.
- “Fake” selection was introduced. It makes it possible to virtually select any element when the real selection remains hidden. See the selection.fake() method.
- Default htmlParser.filter rules are not applied to non-editable elements (elements with contenteditable attribute set to false and their descendants) anymore. To add a rule which will be applied to all elements you need to pass an additional argument to the filter.addRules() method.
- Dozens of new methods were introduced – most interesting ones:
- document.find(),
- document.findOne(),
- editable.insertElementIntoRange(),
- range.moveToClosestEditablePosition(),
- New methods for htmlParser.node and htmlParser.element.
- #10659: New Enhanced Image plugin that introduces a widget with integrated image captions, an option to center images, and dynamic “click and drag” resizing.
- #10664: New Mathematical Formulas plugin that introduces the MathJax widget.
- #7987: New Language plugin that implements Language toolbar button to support WCAG 3.1.2 Language of Parts.
- #10708: New smileys.
CKEditor 4.2.3
Fixed Issues:
- #10994: Fixed: Loading external jQuery library when opening the jQuery Adapter sample directly from file.
- #10975: [IE] Fixed: Error thrown while opening the color palette.
- #9929: [Blink/WebKit] Fixed: A non-breaking space is created once a character is deleted and a regular space is typed.
- #10963: Fixed: JAWS issue with the keyboard shortcut for Magic Line.
- #11096: Fixed: TypeError: Object has no method 'is’.
CKEditor 4.2.2
Fixed Issues:
- #9314: Fixed: Incorrect error message on closing a dialog window without saving changs.
- #10308: [IE10] Fixed: Unspecified error when deleting a row.
- #10945: [Chrome] Fixed: Clicking with a mouse inside the editor does not show the caret.
- #10912: Prevent default action when content of a non-editable link is clicked.
- #10913: Fixed CKEDITOR.plugins.addExternal() not handling paths including file name specified.
- #10666: Fixed CKEDITOR.tools.isArray() not working cross frame.
- #10910: [IE9] Fixed JavaScript error thrown in Compatibility Mode when clicking and/or typing in the editing area.
- #10868: [IE8] Prevent the browser from crashing when applying the Inline Quotation style.
- #10915: Fixed: Invalid CSS filter in the Kama skin.
- #10914: Plugins Indent List and Indent Block are now included in the build configuration.
- #10812: Fixed range.createBookmark2() incorrectly normalizing offsets. This bug was causing many issues: #10850, #10842.
- #10951: Reviewed and optimized focus handling on panels (combo, menu buttons, color buttons, and context menu) to enhance accessibility. Fixed #10705, #10706 and #10707.
- #10704: Fixed a JAWS issue with the Select Color dialog window title not being announced.
- #10753: The floating toolbar in inline instances now has a dedicated accessibility label.
CKEditor 4.2.1
Fixed Issues:
- #10301: [IE9-10] Undo fails after 3+ consecutive paste actions with a JavaScript error.
- #10689: Save toolbar button saves only the first editor instance.
- #10368: Move language reading direction definition (dir) from main language file to core.
- #9330: Fixed pasting anchors from MS Word.
- #8103: Fixed pasting nested lists from MS Word.
- #9958: [IE9] Pressing the “OK” button will trigger the onbeforeunload event in the popup dialog.
- #10662: Fixed styles from the Styles drop-down list not registering to the ACF in case when the Shared Spaces plugin is used.
- #9654: Problems with Internet Explorer 10 Quirks Mode.
- #9816: Floating toolbar does not reposition vertically in several cases.
- #10646: Removing a selected sublist or nested table with Backspace/Delete removes the parent element.
- #10623: [WebKit] Page is scrolled when opening a drop-down list.
- #10004: [ChromeVox] Button names are not announced.
- #10731: WebSpellChecker plugin breaks cloning of editor configuration.
- It is now possible to set per instance WebSpellChecker plugin configuration instead of setting the configuration globally.
CKEditor 4.2
Important Notes:
Dropped compatibility support for Internet Explorer 7 and Firefox 3.6.
Both the Basic and the Standard distribution packages will not contain the new Indent Block plugin. Because of this the Advanced Content Filter might remove block indentations from existing contents. If you want to prevent this, either add an appropriate ACF rule to your filter or create a custom build based on the Basic/Standard package and add the Indent Block plugin in CKBuilder.
New Features:
- #10027: Separated list and block indentation into two plugins: Indent List and Indent Block.
- #8244: Use (Shift+)Tab to indent and outdent lists.
- #10281: The jQuery Adapter is now available. Several jQuery-related issues fixed: #8261, #9077, #8710, #8530, #9019, #6181, #7876, #6906.
- #10042: Introduced config.title setting to change the human-readable title of the editor.
- #9794: Added editor.change event.
- #9923: HiDPI support in the editor UI. HiDPI icons for Moono skin added.
- #8031: Handle required attributes on <textarea> elements — introduced editor.required event.
- #10280: Ability to replace <textarea> elements with the inline editor.
Fixed Issues:
- #10599: Indent plugin is no longer required by the List plugin.
- #10370: Inconsistency in data events between framed and inline editors.
- #10438: [FF, IE] No selection is done on an editable element on executing editor.setData().
CKEditor 4.1.3
New Features:
- Added new translation: Indonesian.
Fixed Issues:
- #10644: Fixed a critical bug when pasting plain text in Blink-based browsers.
- #5189: Find/Replace dialog window: rename “Cancel” button to "Close".
- #10562: [Housekeeping] Unified CSS gradient filter formats in the Moono skin.
- #10537: Advanced Content Filter should register a default rule for config.shiftEnterMode.
- #10610: CKEDITOR.dialog.addIframe() incorrectly sets the iframe size in dialog windows.
CKEditor 4.1.2
New Features:
- Added new translation: Sinhala.
Fixed Issues:
- #10339: Fixed: Error thrown when inserted data was totally stripped out after filtering and processing.
- #10298: Fixed: Data processor breaks attributes containing protected parts.
- #10367: Fixed: editable.insertText() loses characters when RegExp replace controls are being inserted.
- #10165: [IE] Access denied error when document.domain has been altered.
- #9761: Update the Backspace key state in keystrokeHandler.blockedKeystrokes when calling editor.setReadOnly().
- #6504: Fixed: Race condition while loading several config.customConfig files.
- #10146: [Firefox] Empty lines are being removed while config.enterMode is CKEDITOR.ENTER_BR.
- #10360: Fixed: ARIA role="application" should not be used for dialog windows.
- #10361: Fixed: ARIA role="application" should not be used for floating panels.
- #10510: Introduced unique voice labels to differentiate between different editor instances.
- #9945: [iOS] Scrolling not possible on iPad.
- #10389: Fixed: Invalid HTML in the “Text and Table” template.
- WebSpellChecker plugin user interface was changed to match CKEditor 4 style.
CKEditor 4.1.1
New Features:
- Added new translation: Albanian.
Fixed Issues:
- #10172: Pressing Delete or Backspace in an empty table cell moves the cursor to the next/previous cell.
- #10219: Error thrown when destroying an editor instance in parallel with a mouseup event.
- #10265: Wrong loop type in the File Browser plugin.
- #10249: Wrong undo/redo states at start.
- #10268: Show Blocks does not recover after switching to Source view.
- #9995: HTML code in the <textarea> should not be modified by the htmlDataProcessor.
- #10320: Justify plugin should add elements to Advanced Content Filter based on current Enter mode.
- #10260: Fixed: Advanced Content Filter blocks tabSpaces. Unified data-cke-* attributes filtering.
- #10315: [WebKit] Undo manager should not record snapshots after a filling character was added/removed.
- #10291: [WebKit] Space after a filling character should be secured.
- #10330: [WebKit] The filling character is not removed on keydown in specific cases.
- #10285: Fixed: Styled text pasted from MS Word causes an infinite loop.
- #10131: Fixed: undoManager.update() does not refresh the command state.
- #10337: Fixed: Unable to remove <s> using Remove Format.
CKEditor 4.1
Fixed Issues:
- #10192: Closing lists with the Enter key does not work with Advanced Content Filter in several cases.
- #10191: Fixed allowed content rules unification, so the filter.allowedContent property always contains rules in the same format.
- #10224: Advanced Content Filter does not remove non-empty <a> elements anymore.
- Minor issues in plugin integration with Advanced Content Filter:
- #10166: Added transformation from the align attribute to float style to preserve backward compatibility after the introduction of Advanced Content Filter.
- #10195: Image plugin no longer registers rules for links to Advanced Content Filter.
- #10213: Justify plugin is now correctly registering rules to Advanced Content Filter when config.justifyClasses is defined.
CKEditor 4.1 RC
New Features:
#9829: Advanced Content Filter - data and features activation based on editor configuration.
Brand new data filtering system that works in 2 modes:
- Based on loaded features (toolbar items, plugins) - the data will be filtered according to what the editor in its current configuration can handle.
- Based on config.allowedContent rules - the data will be filtered and the editor features (toolbar items, commands, keystrokes) will be enabled if they are allowed.
See the datafiltering.html sample, guides and CKEDITOR.filter API documentation.
#9387: Reintroduced Shared Spaces - the ability to display toolbar and bottom editor space in selected locations and to share them by different editor instances.
#9907: Added the contentPreview event for preview data manipulation.
#9713: Introduced the Source Dialog plugin that brings raw HTML editing for inline editor instances.
Included in #9829: Introduced new events, toHtml and toDataFormat, allowing for better integration with data processing.
#9981: Added ability to filter htmlParser.fragment, htmlParser.element etc. by many htmlParser.filters before writing structure to an HTML string.
Included in #10103:
- Introduced the editor.status property to make it easier to check the current status of the editor.
- Default command state is now CKEDITOR.TRISTATE_DISABLE. It will be activated on editor.instanceReady or immediately after being added if the editor is already initialized.
#9796: Introduced <s> as a default tag for strikethrough, which replaces obsolete <strike> in HTML5.
CKEditor 4.0.3
Fixed Issues:
- #10196: Fixed context menus not opening with keyboard shortcuts when Autogrow is enabled.
- #10212: [IE7-10] Undo command throws errors after multiple switches between Source and WYSIWYG view.
- #10219: [Inline editor] Error thrown after calling editor.destroy().
CKEditor 4.0.2
Fixed Issues:
- #9779: Fixed overriding CKEDITOR.getUrl() with CKEDITOR_GETURL.
- #9772: Custom buttons in the dialog window footer have different look and size (Moono, Kama skins).
- #9029: Custom styles added with the stylesSet.add() are displayed in the wrong order.
- #9887: Disable Magic Line when editor.readOnly is set.
- #9882: Fixed empty document title on editor.getData() if set via the Document Properties dialog window.
- #9773: Fixed rendering problems with selection fields in the Kama skin.
- #9851: The selectionChange event is not fired when mouse selection ended outside editable.
- #9903: [Inline editor] Bad positioning of floating space with page horizontal scroll.
- #9872: editor.checkDirty() returns true when called onload. Removed the obsolete editor.mayBeDirty flag.
- #9893: [IE] Fixed broken toolbar when editing mixed direction content in Quirks mode.
- #9845: Fixed TAB navigation in the Link dialog window when the Anchor option is used and no anchors are available.
- #9883: Maximizing was making the entire page editable with divarea-based editors.
- #9940: [Firefox] Navigating back to a page with the editor was making the entire page editable.
- #9966: Fixed: Unable to type square brackets with French keyboard layout. Changed Magic Line keystrokes.
- #9507: [Firefox] Selection is moved before editable position when the editor is focused for the first time.
- #9947: [WebKit] Editor overflows parent container in some edge cases.
- #10105: Fixed: Broken sourcearea view when an RTL language is set.
- #10123: [WebKit] Fixed: Several dialog windows have broken layout since the latest WebKit release.
- #10152: Fixed: Invalid ARIA property used on menu items.
CKEditor 4.0.1.1
Fixed Issues:
- Security update: Added protection against XSS attack and possible path disclosure in the PHP sample.
CKEditor 4.0.1
Fixed Issues:
- #9655: Support for IE Quirks Mode in the new Moono skin.
- Accessibility issues (mainly in inline editor): #9364, #9368, #9369, #9370, #9541, #9543, #9841, #9844.
- Magic Line plugin:
- #9481: Added accessibility support for Magic Line.
- #9509: Added Magic Line support for forms.
- #9573: Magic Line does not disappear on mouseout in a specific case.
- #9754: [WebKit] Cutting & pasting simple unformatted text generates an inline wrapper in WebKit browsers.
- #9456: [Chrome] Properly paste bullet list style from MS Word.
- #9699, #9758: Improved selection locking when selecting by dragging.
- Context menu:
- #9712: Opening the context menu destroys editor focus.
- #9366: Context menu should be displayed over the floating toolbar.
- #9706: Context menu generates a JavaScript error in inline mode when the editor is attached to a header element.
- #9800: Hide float panel when resizing the window.
- #9721: Padding in content of div-based editor puts the editing area under the bottom UI space.
- #9528: Host page box-sizing style should not influence the editor UI elements.
- #9503: Form Elements plugin adds context menu listeners only on supported input types. Added support for tel, email, search and url input types.
- #9769: Improved floating toolbar positioning in a narrow window.
- #9875: Table dialog window does not populate width correctly.
- #8675: Deleting cells in a nested table removes the outer table cell.
- #9815: Cannot edit dialog window fields in an editor initialized in the jQuery UI modal dialog.
- #8888: CKEditor dialog windows do not show completely in a small window.
- #9360: [Inline editor] Blocks shown for a <div> element stay permanently even after the user exits editing the <div>.
- #9531: [Firefox & Inline editor] Toolbar is lost when closing the Format drop-down list by clicking its button.
- #9553: Table width incorrectly set when the border-width style is specified.
- #9594: Cannot tab past CKEditor when it is in read-only mode.
- #9658: [IE9] Justify not working on selected images.
- #9686: Added missing contents styles for <pre> elements.
- #9709: Paste from Word should not depend on configuration from other styles.
- #9726: Removed Color Dialog plugin dependency from Table Tools.
- #9765: Toolbar Collapse command documented incorrectly in the Accessibility Instructions dialog window.
- #9771: [WebKit & Opera] Fixed scrolling issues when pasting.
- #9787: [IE9] onChange is not fired for checkboxes in dialogs.
- #9842: [Firefox 17] When opening a toolbar menu for the first time and pressing the Down Arrow key, focus goes to the next toolbar button instead of the menu options.
- #9847: Elements Path should not be initialized in the inline editor.
- #9853: editor.addRemoveFormatFilter() is exposed before it really works.
- #8893: Value of the pasteFromWordCleanupFile configuration option is now taken from the instance configuration.
- #9693: Removed “Live Preview” checkbox from UI color picker.
CKEditor 4.0
The first stable release of the new CKEditor 4 code line.
The CKEditor JavaScript API has been kept compatible with CKEditor 4, whenever possible. The list of relevant changes can be found in the API Changes page of the CKEditor 4 documentation.
Related news
Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a low level user to obtain sensitive information from the details of the 'Cloud Storage' page for which they should not have access. IBM X-Force ID: 202682.
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service ...
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).