ckeditor-dev

CKEditor 4 - The best browser-based WYSIWYG editor

Development Code

This repository contains the development version of CKEditor.

Attention: The code in this repository should be used locally and for development purposes only. We don't recommend distributing it on remote websites because the user experience will be very limited. For that purpose, you should build it (see below) or use an official release instead, available on the CKEditor website.

Code Installation

There is no special installation procedure to install the development code. Simply clone it on any local directory and you're set.

Available Branches

This repository contains the following branches:

• master: development of the upcoming minor release.
• major: development of the upcoming major release.
• stable: latest stable release tag point (non-beta).
• latest: latest release tag point (including betas).
• release/A.B.x (e.g. 4.0.x, 4.1.x): release freeze, tests and tagging. Hotfixing.

Note that both master and major are under heavy development. Their code didn't pass the release testing phase so it may be unstable.

Additionally, all releases will have their relative tags in this form: 4.0, 4.0.1, etc.

Samples

The samples/ folder contains a good set of examples that can be used to test your installation. It can also be a precious resource for learning some aspects of the CKEditor JavaScript API and its integration on web pages.

Code Structure

The development code contains the following main elements:

• Main coding folders:
  • core/: the core API of CKEditor. Alone, it does nothing, but it provides the entire JavaScript API that makes the magic happen.
  • plugins/: contains most of the plugins maintained by the CKEditor core team.
  • skin/: contains the official default skin of CKEditor.
  • dev/: contains "developer tools".
  • tests/: contains CKEditor tests suite.

Building a Release

A release optimized version of the development code can be easily created locally. The dev/builder/build.sh script can be used for that purpose:

> ./dev/builder/build.sh

A "release ready" working copy of your development code will be built in the new dev/builder/release/ folder. An internet connection is necessary to run the builder, for its first time at least.

Testing Environment

Read more on how to set up the environment and execute tests in the CKEditor Testing Environment guide.

License

Licensed under the GPL, LGPL and MPL licenses, at your choice.

For full details about the license, please check the LICENSE.md file.

Changelog

CKEditor 4.4.8

Security Updates:

• Fixed XSS vulnerability in the HTML parser reported by Dheeraj Joshi and Prem Kumar.

  Issue summary: It was possible to execute XSS inside CKEditor after persuading the victim to: (i) switch CKEditor to source mode, then (ii) paste a specially crafted HTML code, prepared by the attacker, into the opened CKEditor source area, and (iii) switch back to WYSIWYG mode.

An upgrade is highly recommended!

Fixed Issues:

• #12899: Fixed: Corrected wrong tag ending for horizontal box definition in the Dialog User Interface plugin. Thanks to mizafish!
• #13254: Fixed: Cannot outdent block after indent when using the Div Editing Area plugin. Thanks to Jonathan Cottrill!
• #13268: Fixed: Documentation for CKEDITOR.dom.text is incorrect. Thanks to Ben Kiefer!
• #12739: Fixed: Link loses inline styles when edited without the Advanced Tab for Dialogs plugin. Thanks to Віталій Крутько!
• #13292: Fixed: Protection pattern does not work in attribute in self-closing elements with no space before />. Thanks to Віталій Крутько!
• PR#192: Fixed: Variable name typo in the Dialog User Interface plugin which caused CKEDITOR.ui.dialog.radio validation to not work. Thanks to Florian Ludwig!
• #13232: [Safari] Fixed: The element.appendText() method does not work properly for empty elements.
• #13233: Fixed: HTMLDataProcessor can process foo:href attributes.
• #12796: Fixed: The Indent List plugin unwraps parent <li> elements. Thanks to Andrew Stucki!
• #12885: Added missing editor.getData() parameter documentation.
• #11982: Fixed: Bullet added in a wrong position after the Enter key is pressed in a nested list.
• #13027: Fixed: Keyboard navigation in dialog windows with multiple tabs not following IBM CI 162 instructions or ARIA Authoring Practices.
• #12256: Fixed: Basic styles classes are lost when pasting from Microsoft Word if basic styles were configured to use classes.
• #12729: Fixed: Incorrect structure created when merging a block into a list item on Backspace and Delete.
• #13031: [Firefox] Fixed: No more line breaks in source view since Firefox 36.
• #13131: Fixed: The Code Snippet plugin cannot be used without the IFrame Editing Area plugin.
• #9086: Fixed: Invalid ARIA property used on paste area <iframe>.
• #13164: Fixed: Error when inserting a hidden field.
• #13155: Fixed: Incorrect Line Utilities positioning when <body> has a margin.
• #13351: Fixed: Link lost when editing a linked image with the Link tab disabled. This also fixed a bug when inserting an image into a fully selected link would throw an error (#12847).
• #13344: [WebKit/Blink] Fixed: It is possible to remove or change editor content in read-only mode.

Other Changes:

• #12844 and #13103: Upgraded the testing environment to Bender.js 0.2.3.
• #12930: Because of licensing issues, truncated-mathjax/ is now removed from the tests/ directory. Now bender.config.mathJaxLibPath must be configured manually in order to run Mathematical Formulas plugin tests.
• #13266: Added more shades of gray in the Color Dialog window. Thanks to mizafish!