ckeditor-dev
Advanced tools
Changelog
CKEditor 4.12.1
Fixed Issues:
Changelog
CKEditor 4.11.4
Fixed Issues:
Other Changes:
CKEDITOR.getUrl()
when referencing style sheets.CKEDITOR.getUrl()
when referencing style sheets.sl_SL
) language does not work.U+2019
(Right single quotation mark) are considered separators.Changelog
CKEditor 4.11.3
Fixed Issues:
config.allowedContent
.Changelog
CKEditor 4.11.2
Fixed Issues:
<figure>
tag with an image
class is upcasted.getValue()
function is defined in the global scope.Other Changes:
package.json
file.Changelog
CKEditor 4.10.1
Fixed Issues:
instanceReady
.editor.destroy()
during the file upload throws an error. Thanks to Maksim Makarevich!id
attribute. Thanks to Nathan Samson!<font>
tag is not preserved when proper configuration is provided and a style is applied by the Font plugin.object
, embed
, param
are removed from the editor content.API Changes:
editor.plugins.detectConflict()
method finding conflicts between provided plugins.Changelog
CKEditor 4.9.2
Security Updates:
Fixed XSS vulnerability in the Enhanced Image (image2
) plugin reported by Kyaw Min Thein.
Issue summary: It was possible to execute XSS inside CKEditor using the <img>
tag and specially crafted HTML. Please note that the default presets (Basic/Standard/Full) do not include this plugin, so you are only at risk if you made a custom build and enabled this plugin.
We would like to thank the Drupal security team for bringing this matter to our attention and coordinating the fix and release process!