Skip to content

Latest commit

 

History

History
2397 lines (1839 loc) · 310 KB

CHANGES.md

File metadata and controls

2397 lines (1839 loc) · 310 KB

⚠️️️ CKEditor 4 (the open source edition) is no longer maintained. ⚠️

If you would like to keep access to future CKEditor 4 security patches, check the Extended Support Model, which guarantees security updates and critical bug fixes until December 2026. Alternatively, upgrade to CKEditor 5.

CKEditor 4.25.0-lts

⚠️️️ Please note that this release is a part of CKEditor 4 Extended Support Model, only available to customers who decided to acquire the LTS (Long Term Support) version of the editor. All editor versions below 4.25.0-lts can no longer be considered as secure! ⚠️

Security Updates:

  • Fixed reflected cross-site scripting (XSS) vulnerability in Code Snippet GeSHi plugin reported by Jiasheng He from Qihoo 360.

    Issue summary: The vulnerability allowed a reflected XSS attack by exploiting a flaw in the GeSHi syntax highlighter library hosted by the victim. The GeSHi library was included as a vendor dependency in CKEditor 4 source files. In a specific scenario, an attacker could craft a malicious script that could be executed by sending a request to the GeSHi library hosted on a PHP web server. See GHA for more details.

  • Fixed low-risk cross-site scripting (XSS) vulnerability linked to potential domain takeover

    Issue summery: A theoretical vulnerability has been identified in CKEditor 4.22 (and above). In a highly unlikely scenario where an attacker gains control over the https://cke4.ckeditor.com domain, they could potentially execute an attack on CKEditor 4 instances. Although the vulnerability is purely hypothetical, we have addressed it in CKEditor 4.25.0-lts to ensure compliance with security best practices. See GHA for more details.

You can read more details in the relevant security advisories. Contact us if you have more questions.

An upgrade is highly recommended!

Updated dependencies:

  • CodeMirror (used only in the Toolbar Configurator in samples) has been updated to v5.65.17 for improved stability and performance.

  • Highlight.js (used by the Code Snippet plugin) has been updated to v11.9.0, introducing two breaking changes:

    • dropped support for Internet Explorer,
    • updated list of the supported themes – some of the themes are no longer officially supported, others may have their names changed (e.g. monokai_sublime is now monokai-sublime). Please verify the value of your config.codeSnippet_theme configuration option and adjust theme names as needed. The list of available themes can be checked in the plugins/codesnippet/lib/highlight/styles directory.

CKEditor 4.24.0-lts

⚠️️️ Please note that this release is a part of CKEditor 4 Extended Support Model, only available to customers who decided to acquire the LTS (Long Term Support) version of the editor. All editor versions below 4.24.0-lts can no longer be considered as secure! ⚠️

Security Updates:

  • Fixed cross-site scripting (XSS) vulnerability caused by incorrect CDATA detection reported by Michal Frýba, ALEF NULA.

    Issue summary: The vulnerability allowed to inject malformed HTML content bypassing Advanced Content Filtering mechanism, which could result in executing JavaScript code. See GHA for more details.

  • Fixed cross-site scripting (XSS) vulnerability in AJAX sample reported by Rafael Pedrero, see INCIBE report.

    Issue summary: The vulnerability allowed to execute JavaScript code by abusing the AJAX sample. See GHA for more details.

  • Cross-site scripting (XSS) vulnerability in samples with enabled the preview feature reported by Marcin Wyczechowski & Michał Majchrowicz AFINE Team.

    Issue summary: The vulnerability allowed to execute JavaScript code by abusing the misconfigured preview feature. See GHA for more details.

You can read more details in the relevant security advisories. Contact us if you have more questions.

An upgrade is highly recommended!

Fixed Issues:

  • Fixed: The CDATA parsing mechanism incorrectly detects the end of CDATA content. This fix unifies how style and script elements are parsed with the browser's behavior.

CKEditor 4.23.0-lts

This release introduces the LTS (”Long Term Support”) version of the editor, available under commercial terms ("Extended Support Model").

If you acquired the Extended Support Model for CKEditor 4 LTS, please read the CKEditor 4 LTS key activation guide.

CKEditor 4.22.0 / 4.22.1

⚠️ This is the last open source release of CKEditor 4. As announced in 2018, CKEditor 4 has reached its End of Life in June 2023.

New Features:

  • #5316: Added vertical margins support for list elements in the Paste from Word plugin.
  • #5410: Added the ability to indicate the language of styles in the Styles Combo plugin via the config.styleSet configuration option.
  • #5510: Added notification system to the editor informing users that the editor version is up-to-date and secure. See config.versionCheck configuration option to learn more.

Fixed Issues:

  • #5437: Fixed: Incorrect indication of selected items in combo boxes. The selected item was unmarked upon each opening of the combo box.
  • #5495: Fixed: Insufficient color ratio for links inside Notifications.

Other Changes:

  • #5412: Prevent using document.domain in Firefox in the Preview plugin.

Note: CKEditor 4.22.1 has been released immediately after 4.22.0 to fix the README issues on npm and contains no changes vs 4.22.0.

CKEditor 4.21.0

Security Updates:

A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed plugins.

This vulnerability might affect a small percentage of integrators that depend on dynamic editor initialization/destroy mechanism. See GitHub advisory for more details.

Potential breaking changes

In some rare cases, a security release may introduce a breaking change to your application. We have provided configuration options that will help you mitigate any potential issues with the upgrade:

  • Starting from version 4.21, the Iframe Dialog plugin applies the sandbox attribute by default, which restricts JavaScript code execution in the iframe element. To change this behavior, configure the config.iframe_attributes option.
  • Starting from version 4.21, the Media Embed plugin regenerates the entire content of the embed widget by default. To change this behavior, configure the config.embed_keepOriginalContent option.

If you choose to change either of the above options, make sure to properly configure Content Security Policy to avoid any potential security issues that may arise from embedding iframe elements on your web page.

You can read more details in the relevant security advisory and contact us if you have more questions.

An upgrade is highly recommended!

New Features:

Fixed Issues:

  • #5431: Fixed: No notification is shown when pasting or dropping unsupported image types into the editor.

CKEditor 4.20.2

Fixed Issues:

  • #439: Fixed: Incorrect Tab and Shift+Tab navigation for radio buttons inside the dialog.
  • #4829: Fixed: Undo reversed entire table content instead of a single cell. Thanks to that fix, multiple changes in a table can be undone one by one.
  • #5396: Fixed: Event listeners for popstate and hashchange events on the window, added by the Maximize plugin, were not removed when destroying the editor instance.
  • #5414: Fixed: File and image uploaders based on the Upload Widget plugin and Easy Image plugin didn't fire the change event upon finishing upload, resulting in passing incorrect data in form controls for integration frameworks, like Reactive forms in Angular.
  • #698: Fixed: An error was thrown after applying formatting to the widget with inline editable and switching to the source mode. Thanks to Glen!

API changes:

CKEditor 4.20.1

Fixed Issues:

  • #5333: Fixed: The original name of the uploaded image is not preserved by the Upload Image plugin if the Clipboard plugin has enabled image handling.
  • #2881: Fixed: Changing table headers from "Both" to "First column" in the Table dialog does not change the first column cell correctly.
  • #2996: Fixed: Table header "scope" attribute is incorrect for the "Headers: both" option in the Table dialog.
  • #4802: Fixed: Tableselection caret moves to the previous cell after tabbing into the next cell and then removing its content.
  • #5365: Fixed: The value of the config.baseFloatZIndex config variable is incorrectly applied to parent dialog when the child dialog is closed resulting in the dialog overlay covering up the dialog. Thanks to JenoDK!
  • #5305: Fixed: Anchor name can invalidly include spaces.

CKEditor 4.20

New Features:

Fixed Issues:

API changes:

CKEditor 4.19.1

Fixed Issues:

API changes:

  • #5184: Added the config.editorplaceholder_delay configuration option allowing to delay placeholder before it is toggled when changing editor content.
  • #5184: Added the CKEDITOR.tools#debounce() function allowing to postpone a passed function execution until the given milliseconds have elapsed since the last time it was invoked.

CKEditor 4.19.0

New features:

Fixed Issues:

  • #4543: Fixed: Toolbar buttons toggle state is not correctly announced by screen readers lacking the information whether the feature is on or off.
  • #4052: Fixed: Editor labels are read incorrectly by screen readers due to invalid editor control type for the Iframe Editing Area editors.
  • #1904: Fixed: Screen readers are not announcing the read-only editor state.
  • #4904: Fixed: Table cell selection and navigation with the tab key behavior is inconsistent after adding a new row.
  • #3394: Fixed: Enhanced image plugin dialog is not supporting URL with query string parameters. Thanks to Simon Urli!
  • #5049: Fixed: The editor fails in strict mode due to not following the use strict directives in a core editor module.
  • #5095: Fixed: The clipboard plugin shows notification about unsupported file format when the file type is different than jpg, gif, png, not respecting supported types by the Upload Widget plugin.
  • #4855: [iOS] Fixed: Focusing toolbar buttons with an enabled VoiceOver screen reader moves the browser focus into an editable area and interrupts button functionality.

API changes:

CKEditor 4.18.0

Security Updates:

  • Fixed an XSS vulnerability in the core module reported by GitHub Security Lab team member Kevin Backhouse.

    Issue summary: The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result in executing a JavaScript code. See CVE-2022-24728 for more details.

  • Fixed a Regular expression Denial of Service (ReDoS) vulnerability in dialog plugin discovered by the CKEditor 4 team during our regular security audit.

    Issue summary: The vulnerability allowed to abuse a dialog input validator regular expression, which could cause a significant performance drop resulting in a browser tab freeze. See CVE-2022-24729 for more details.

You can read more details in the relevant security advisory and contact us if you have more questions.

An upgrade is highly recommended!

Highlights:

Web Spell Checker ended support for WebSpellChecker Dialog on December 31st, 2021. This means the plugin is not supported any longer. Therefore, we decided to deprecate and remove the WebSpellChecker Dialog plugin from CKEditor 4 presets.

We strongly encourage everyone to choose one of the other available spellchecking solutions - Spell Check As You Type (SCAYT) or WProofreader.

Fixed issues:

Other changes:

  • #5093: Deprecated and removed WebSpellChecker Dialog from presets.
  • #5127: Deprecated the CKEDITOR.rnd property to discourage using it in a security-sensitive context.
  • #5087: Improved the jQuery adapter by replacing a deprecated jQuery API with existing counterparts. Thanks to Fran Boon!
  • #5128: Improved the Emoji definitions encoding set by the config.emoji_emojiListUrl configuration option.

CKEditor 4.17.2

Fixed issues:

  • #4934: Fixed: Active focus in dialog tabs is not visible in the High Contrast mode.
  • #547: Fixed: Dragging and dropping elements like images within a table is no longer available.
  • #4875: Fixed: It is not possible to delete multiple selected lists.
  • #4873: Fixed: Pasting content from MS Word and Outlook with horizontal lines prevents images from being uploaded.
  • #4952: Fixed: Dragging and dropping images within a table cell appends additional elements.
  • #4761: Fixed: Some CSS files are missing unique timestamp used to prevent browser to cache static resources between editor releases.
  • #4987: Fixed: Find/Replace is not recognizing more than one space character.
  • #5061: Fixed: Find/Replace plugin incorrectly handles multiple whitespace during replacing text.
  • #5004: Fixed: MutationObserver used in IFrame Editing Area plugin causes memory leaks.
  • #4994: Fixed: Easy Image plugin caused content pasted from Word to turn into an image.

API changes:

Other changes:

  • #5014: Fixed: Toolbar configurator fails when plugin does not define a toolbar group. Thanks to SuperPat!

CKEditor 4.17.1

Highlights:

Due to a regression in CKEeditor 4.17.0 version that was only revealed after the release and affected a limited area of operation, CSS assets loaded via relative links started to point into invalid location when loaded from external resources.

We have therefore decided to immediately release CKEditor 4.17.1 that fixed this problem. If you have already upgraded to v4.17.0, make sure to upgrade to v4.17.1 to avoid this regression.

Fixed issues:

  • #4979: Fixed: Added cache key in #4761 started to breaking relative links for external CSS resources. The fix has been reverted and will be corrected in the next editor version.

CKEditor 4.17

Security Updates:

  • Fixed XSS vulnerability in the core module reported by William Bowling.

    Issue summary: The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result in executing JavaScript code. See CVE-2021-41165 for more details.

  • Fixed XSS vulnerability in the core module reported by Maurice Dauer.

    Issue summary: The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. See CVE-2021-41164 for more details.

You can read more details in the relevant security advisory and contact us if you have more questions.

An upgrade is highly recommended!

Highlights:

Adobe ended support of Flash Player on December 31, 2020 and blocked Flash content from running in Flash Player beginning January 12, 2021. We have decided to deprecate and remove the Flash plugin from CKEditor 4 to help protect users' systems and discourage using insecure software.

New Features:

  • #3433: Marked required fields in dialogs with asterisk (*) symbol.
  • #4374: Integrated the Maximize plugin with browser's History API.
  • #4461: Introduced the possibility to delay editor initialization while it is in a detached DOM element.
  • #4462: Introduced support for reattaching editor container element to DOM.
  • #4612: Allow pasting images as Base64 from clipboard in all browsers except IE.
  • #4681: Allow drag and drop images as Base64.
  • #4750: Added notification for pasting and dropping unsupported file types into the editor.
  • #4807: [Chrome] Improved the performance of pasting large images. Thanks to FlowIT-JIT!
  • #4850: Added support for loading content templates from HTML files. Thanks to Fynn96!
  • #4874: Added the config.clipboard_handleImages configuration option for enabling and disabling built-in support for pasting and dropping images in the Clipboard plugin. Thanks to FlowIT-JIT!
  • #4026: Preview plugin now uses the editor#title property for the title of the preview window. Thanks to Ely!
  • #4467: Added support for inserting content next to a block widgets using keyboard navigation. Thanks to bunglegrind!

Fixed Issues:

  • #3757: [Firefox] Fixed: images pasted from clipboard are not inserted as Base64-encoded images.
  • #3876: Fixed: The Print plugin incorrectly prints links and images.
  • #4444: [Firefox] Fixed: Print preview is incorrectly loaded from CDN.
  • #4596: Fixed: Incorrect handling of HSL/HSLA values in CKEDITOR.tools.color.
  • #4597: Fixed: Incorrect color conversion for HSL/HSLA values in CKEDITOR.tools.color.
  • #4604: Fixed: CKEDITOR.plugins.clipboard.dataTransfer#getTypes() returns no types.
  • #4761: Fixed: Not all resources loaded by the editor respect the cache key.
  • #4783: Fixed: The Accessibility Help dialog does not contain info about focus being moved back to the editing area upon activating a toolbar button.
  • #4790: Fixed: Printing page is invoked before the printed page is fully loaded.
  • #4874: Fixed: Built-in support for pasting and dropping images in the Clipboard plugin restricts third party plugins from handling image pasting. Thanks to FlowIT-JIT!
  • #4888: Fixed: The CKEDITOR.dialog#setState() method throws error when there is no "OK" button in the dialog.
  • #4858: Fixed: The Autolink plugin incorrectly escapes the & characters when pasting links into the editor.
  • #4892: Fixed: Focus of buttons in dialogs is not visible enough in High Contrast mode.
  • #3858: Fixed: Pasting content in ENTER_BR enter mode crashes the editor.
  • #4891: Fixed: The Autogrow plugin applies fixed width to the editor.

API Changes:

Other Changes:

  • #4866: The Flash plugin is now deprecated and has been removed from CKEditor 4.
  • #4901: Redesigned buttons placement in the Content templates dialog to make it more UX friendly. Thanks to Fynn96!

CKEditor 4.16.2

Security Updates:

  • Fixed XSS vulnerability in the Clipboard plugin reported by Anton Subbotin.

    Issue summary: The vulnerability allowed to abuse paste functionality using malformed HTML, which could result in injecting arbitrary HTML into the editor. See CVE-2021-32809 for more details.

  • Fixed XSS vulnerability in the Widget plugin reported by Anton Subbotin.

    Issue summary: The vulnerability allowed to abuse undo functionality using malformed Widget HTML, which could result in executing JavaScript code. See CVE-2021-32808 for more details.

  • Fixed XSS vulnerability in the Fake Objects plugin reported by Mika Kulmala.

    Issue summary: The vulnerability allowed to inject malformed Fake Objects HTML, which could result in executing JavaScript code. See CVE-2021-37695 for more details.

You can read more details in the relevant security advisory and contact us if you have more questions.

An upgrade is highly recommended!

Fixed Issues:

  • #4777: Fixed: HTML comments in widgets not processed correctly.
  • #4733: Fixed: Link prevent duplicate anchors in text with styles.
    • #4728: Fixed: Multiple anchors in one line and multi-line with text style.
    • #3863: Fixed: Multiple anchors in single word with text style.
  • #3819: [Chrome] Fixed: After removing one of the two consecutive spaces, the   character appears in the editor instead of a space.
  • #4666: [IE] Introduce CSS.escape polyfill. Thanks to limingli0707!
    • #681: Fixed: Table elements (td, tr, th, ..) with an id that starts with dot (.) causes javascript runtime err.
    • #641: Fixed: UploadImage Plugin Widgets not working in IE, Opera, Safari, PhantomJS.
  • #3638: Fixed: Opening the same dialog twice causes it to become hidden under the dialog's page cover.
  • #4247: Fixed: Color Button's incorrect rendering on the first opening.
  • #4555: Fixed: Font styles with attributes are not applied correctly when used multiple times over the same selection.
  • #4782: [Firefox] Fixed: TypeError is thrown when switching to Source View and back while Autocomplete plugin is enabled.

CKEditor 4.16.1

Fixed Issues:

  • #4617: Fixed: Autocomplete is not accessible in inline editors.
  • #4493: Fixed: The drop-down label does not reflect the current value of the drop-down.
  • #1572: Fixed: A paragraph before or after a widget cannot be removed. Thanks to bunglegrind!
  • #4301: Fixed: Pasted content is overwritten when pasted in an initially empty editor with the div Enter mode.
  • #4351: Fixed: Incorrect values for RGBA/HSLA colors in Color Dialog.
  • #4509: Fixed: Incorrect handling of drag & drop inside widgets and nested editables.
  • #4611: [Android, iOS] Fixed: Incorrect hover styles for buttons in the toolbar on mobile devices.
  • #4652: Fixed: Event data set to false is treated as an event cancellation.
  • #4659: Fixed: CKEDITOR.htmlParser does not treat --!> as a comment end tag correctly.

CKEditor 4.16

Security Updates:

  • Fixed ReDoS vulnerability in the Autolink plugin.

    Issue summary: It was possible to execute a ReDoS-type attack inside CKEditor 4 by persuading a victim to paste a specially crafted URL-like text into the editor and press Enter or Space.

  • Fixed ReDoS vulnerability in the Advanced Tab for Dialogs plugin.

    Issue summary: It was possible to execute a ReDoS-type attack inside CKEditor 4 by persuading a victim to paste a specially crafted text into the Styles dialog.

An upgrade is highly recommended!

New Features:

  • #2800: Unsupported image formats are now gracefully handled by the Paste from Word plugin on paste, additionally showing descriptive error messages.
  • #2800: Unsupported image formats are now gracefully handled by the Paste from LibreOffice plugin on paste, additionally showing descriptive error messages.
  • #3582: Introduced smart positioning of the Autocomplete panel used by the Mentions and Emoji plugins. The panel will now be additionally positioned related to the browser viewport to be always fully visible.
  • #4388: Added the option to remove an iframe created with the IFrame Dialog plugin from the sequential keyboard navigation using the tabindex attribute. Thanks to Timo Kirkkala!

Fixed Issues:

API Changes:

Other Changes:

CKEditor 4.15.1

Security Updates:

  • Fixed XSS vulnerability in the Color History feature reported by Mark Wade.

    Issue summary: It was possible to execute an XSS-type attack inside CKEditor 4 by persuading a victim to paste a specially crafted HTML code into the Color Button dialog.

An upgrade is highly recommended!

Fixed Issues:

API Changes:

Other Changes:

CKEditor 4.15

New features:

Fixed Issues:

CKEditor 4.14.1

Fixed Issues:

Other Changes:

CKEditor 4.14

Security Updates:

  • Fixed XSS vulnerability in the HTML data processor reported by Michał Bentkowski of Securitum.

    Issue summary: It was possible to execute XSS inside CKEditor after persuading the victim to: (i) switch CKEditor to source mode, then (ii) paste a specially crafted HTML code, prepared by the attacker, into the opened CKEditor source area, and (iii) switch back to WYSIWYG mode or (i) copy the specially crafted HTML code, prepared by the attacker and (ii) paste it into CKEditor in WYSIWYG mode.

  • Fixed XSS vulnerability in the WebSpellChecker Dialog plugin reported by Pham Van Khanh from Viettel Cyber Security.

    Issue summary: It was possible to execute XSS using CKEditor after persuading the victim to: (i) switch CKEditor to source mode, then (ii) paste a specially crafted HTML code, prepared by the attacker, into the opened CKEditor source area, then (iii) switch back to WYSIWYG mode, and (iv) preview CKEditor content outside CKEditor editable area.

An upgrade is highly recommended!

New features:

Fixed Issues:

  • #3587: [Edge, IE] Fixed: Widget with form input elements loses focus during typing.
  • #3705: [Safari] Fixed: Safari incorrectly removes blocks with the editor.extractSelectedHtml() method after selecting all content.
  • #1306: Fixed: The Font plugin creates nested HTML <span> tags when reapplying the same font multiple times.
  • #3498: Fixed: The editor throws an error during the copy operation when a widget is partially selected.
  • #2517: [Chrome, Firefox, Safari] Fixed: Inserting a new image when the selection partially covers an existing enhanced image widget throws an error.
  • #3007: [Chrome, Firefox, Safari] Fixed: Cannot modify the editor content once the selection is released over a widget.
  • #3698: Fixed: Cutting the selected text when a widget is partially selected merges paragraphs.

API Changes:

CKEditor 4.13.1

Fixed Issues:

  • #875: Fixed: Pasting inside the editor that contains a table with the Table Selection plugin after selecting all content replaces only the table element instead of the entire content.
  • #3415: [Firefox] Fixed: Pasting individual list elements fails. Thanks to Jack Wickham!
  • #3413: Fixed: Menu items with labels containing double quotes are rendered incorrectly.
  • #3475: [Firefox] Fixed: Pasting plain text over existing content fails and throws an error.
  • #2027: Fixed: Incorrect email display text after reopening the Link dialog for display names starting with @.
  • #3544: Fixed: The Special Characters dialog read incorrectly by screen readers due to empty table cells at the end.
  • #1653: Fixed: Balloon Toolbar is not repositioned when the editor is scrolled with the Div Editing Area feature enabled.
  • #3559: Fixed: Color Dialog is incorrectly positioned when used with another dialog.
  • #3593: Fixed: Cannot access a text or comment node when replacing an element node with them via CKEDITOR.htmlParser.filter.
  • #3524: Fixed: The Easy Image plugin throws an error when any image with an unsupported data type is pasted into the editor.
  • #3552: Fixed: Incorrect value of CKEDITOR.plugins.widget.repository#selected after selecting the whole editor content.
  • #3586: Fixed: Content pasted from Microsoft Excel is not correctly recognised by the Paste from Word plugin.
  • #3585: [Firefox] Fixed: Microsoft Excel content is pasted as an image.
  • #3625: [Firefox] Fixed: Microsoft PowerPoint content is pasted as an image.
  • #3474: Fixed: Incorrect focus order after any tab in a dialog was clicked.
  • #3689: Fixed: Cannot change dialog tabs with keyboard arrow keys after focusing any tab with a mouse click.

API Changes:

CKEditor 4.13

New Features:

  • #835: Extended support for pasting from external applications:
  • #3315: Added support for strikethrough in the BBCode plugin. Thanks to Alexander Kahl!
  • #3175: Introduced selection optimization mechanism for handling incorrect selection behaviors in various browsers:
    • #3256: Triple-clicking in the last table cell and deleting content no longer pulls the content below into the table.
    • #3118: Selecting a paragraph with a triple-click and applying a heading applies the heading only to the selected paragraph.
    • #3161: Double-clicking a <span> element containing just one word creates a correct selection including the clicked <span> only.
  • #3359: Improved dialog positioning and behavior when the dialog is resized or moved, or the browser window is resized.
  • #2227: Added the config.linkDefaultProtocol configuration option that allows setting the default URL protocol for the Link plugin dialog.
  • #3240: Extended the CKEDITOR.plugins.widget#mask property to allow masking only the specified part of a widget.
  • #3138: Added the possibility to use the widgetDefinition.getClipboardHtml() method to customize the widget HTML during copy, cut and drag operations.

Fixed Issues:

  • #808: Fixed: Widgets and other content disappear on drag and drop in read-only mode.
  • #3260: Fixed: Widget drag handler is visible in read-only mode.
  • #3261: Fixed: A widget initialized using the dialog has an incorrect owner document.
  • #3198: Fixed: Blurring and focusing the editor when a widget is focused creates an additional undo step.
  • #2859: [IE, Edge] Fixed: Various editor UI elements react to right mouse button click:
  • #3158: [Chrome, Safari] Fixed: Undo plugin breaks with the filling character.
  • #504: [Edge] Fixed: The editor's selection is collapsed to the beginning of the content when focusing the editor for the first time.
  • #3101: Fixed: CKEDITOR.dom.range#_getTableElement() returns null instead of a table element for edge cases.
  • #3287: Fixed: CKEDITOR.tools.promise initializes incorrectly if an AMD loader is present.
  • #3379: Fixed: Incorrect CKEDITOR.editor#getData() call when inserting content into the editor.
  • #941: Fixed: An error is thrown after styling a table cell text selected using the native selection when the Table Selection plugin is enabled.
  • #3136: [Firefox] Fixed: Clicking Balloon Toolbar items removes the native table selection.
  • #3381: [IE8] Fixed: The CKEDITOR.tools.object.keys() method does not accept non-objects.
  • #2395: [Android] Fixed: Focused input in a dialog is scrolled out of the viewport when the soft keyboard appears.
  • #453: Fixed: Link dialog has an invalid width when the editor is maximized and the browser window is resized.
  • #2138: Fixed: An email address containing a question mark is mishandled by the Link plugin.
  • #14613: Fixed: Race condition when loading plugins for an already destroyed editor instance throws an error.
  • #2257: Fixed: The editor throws an exception when destroyed shortly after it was created.
  • #3115: Fixed: Destroying the editor during the initialization throws an error.
  • #3354: [iOS] Fixed: Pasting no longer works on iOS version 13.
  • #3423 Fixed: Bookmarks can be created inside temporary elements.

API Changes:

CKEditor 4.12.1

Fixed Issues:

CKEditor 4.12

New Features:

Fixed Issues:

API Changes:

Other Changes:

CKEditor 4.11.4

Fixed Issues:

Other Changes:

  • Updated WebSpellChecker (WSC) and SpellCheckAsYouType (SCAYT) plugins:
    • Language dictionary update: German language was extended with over 600k new words.
    • Language dictionary update: Swedish language was extended with over 300k new words.
    • Grammar support added for Australian and New Zealand English, Polish, Slovak, Slovenian and Austrian languages.
    • Changed wavy red and green lines that underline spelling and grammar errors to straight ones.
    • #55: Fixed: WSC does not use CKEDITOR.getUrl() when referencing style sheets.
    • #166: Fixed: SCAYT does not use CKEDITOR.getUrl() when referencing style sheets.
    • #56: [Chrome] Fixed: SCAYT/WSC throws errors when running inside a Chrome extension.
    • Fixed: After removing a dictionary, the words are not underlined and considered as incorrect.
    • Fixed: The Slovenian (sl_SL) language does not work.
    • Fixed: Quotes with code U+2019 (Right single quotation mark) are considered separators.
    • Fixed: Wrong error message formatting when the service ID is invalid.
    • Fixed: Absent languages in the Languages tab when using SCAYT with the Shared Spaces plugin.

CKEditor 4.11.3

Fixed Issues:

  • #2721, #487: Fixed: The order of sublist items is reversed when a higher level list item is removed.
  • #2527: Fixed: Emoji autocomplete order does not prioritize emojis with the name starting from the used string.
  • #2572: Fixed: Icons in the Emoji dropdown navigation groups are not centered.
  • #1191: Fixed: Items in the elements path are draggable.
  • #2292: Fixed: Dropping a list with a link on the editor's margin causes a console error and removes the dragged text from editor.
  • #2756: Fixed: The Auto Link plugin causes an error when typing in the source editing mode.
  • #1986: Fixed: The Cell Properties dialog from the Table Tools plugin shows styles that are not allowed through config.allowedContent.
  • #2565: [IE, Edge] Fixed: Buttons in the editor toolbar are activated by clicking them with the right mouse button.
  • #2792: Fixed: A bug in the Copy Formatting plugin that caused the following issues:
    • #2780: Fixed: Undo steps disappear after multiple changes of selection.
    • #2470: [Firefox] Fixed: Widget's nested editable gets blurred upon focus.
    • #2655: [Chrome, Safari] Fixed: Widget's nested editable cannot be focused under certain circumstances.

CKEditor 4.11.2

Fixed Issues:

  • #2403: Fixed: Styling inline editor initialized inside a table with the Table Selection plugin is causing style leaks.
  • #2514: Fixed: Pasting table data into inline editor initialized inside a table with the Table Selection plugin inserts pasted content into the wrapping table.
  • #2451: Fixed: The Remove Format plugin changes selection.
  • #2546: Fixed: The separator in the toolbar moves when buttons are focused.
  • #2506: Fixed: Enhanced Image throws a type error when an empty <figure> tag with an image class is upcasted.
  • #2650: Fixed: Table dialog validator fails when the getValue() function is defined in the global scope.
  • #2690: Fixed: Decimal characters are removed from the inside of numbered lists when pasting content using the Paste from Word plugin.
  • #2205: Fixed: It is not possible to add new list items under an item containing a block element.
  • #2411, #2438 Fixed: Apply numbered list option throws a console error for a specific markup.
  • #2430 Fixed: Color Button and List Block items are draggable.

Other Changes:

  • Updated the WebSpellChecker (WSC) plugin:
    • #52 Fixed: Clicking "Finish Checking" without a prior action would hang the Spell Checking dialog.
  • #2603: Corrected the GPL license entry in the package.json file.

CKEditor 4.11.1

Fixed Issues:

  • #2571: Fixed: Clicking the categories in the Emoji dropdown panel scrolls the entire page.

CKEditor 4.11

Security Updates:

  • Fixed XSS vulnerability in the HTML parser reported by maxarr.

    Issue summary: It was possible to execute XSS inside CKEditor after persuading the victim to: (i) switch CKEditor to source mode, then (ii) paste a specially crafted HTML code, prepared by the attacker, into the opened CKEditor source area, and (iii) switch back to WYSIWYG mode.

An upgrade is highly recommended!

New Features:

  • #2062: Added the emoji dropdown that allows the user to choose the emoji from the toolbar and search for them using keywords.
  • #2154: The Link plugin now supports phone number links.
  • #1815: The Auto Link plugin supports typing link completion.
  • #2478: Link can be inserted using the Ctrl/Cmd + K keystroke.
  • #651: Text pasted using the Paste from Word plugin preserves indentation in paragraphs.
  • #2248: Added support for justification in the BBCode plugin. Thanks to Matěj Kmínek!
  • #706: Added a different cursor style when selecting cells for the Table Selection plugin.
  • #2072: The UI Button plugin supports custom aria-haspopup property values. The Menu Button aria-haspopup value is now menu, the Panel Button and Rich Combo aria-haspopup value is now listbox.
  • #1176: The Balloon Panel can now be attached to a selection instead of an element.
  • #2202: Added the contextmenu_contentsCss configuration option to allow adding custom CSS to the Context Menu.

Fixed Issues:

  • #1477: Fixed: On destroy, Balloon Toolbar does not destroy its content.
  • #2394: Fixed: Emoji dropdown does not show up with repeated symbols in a single line.
  • #1181: [Chrome] Fixed: Opening the context menu in a read-only editor results in an error.
  • #2276: [iOS] Fixed: Button state does not refresh properly.
  • #1489: Fixed: Table contents can be removed in read-only mode when the Table Selection plugin is used.
  • #1264 Fixed: Right-click does not clear the selection created with the Table Selection plugin.
  • #586 Fixed: The required attribute is not correctly recognized by the Form Elements plugin dialog. Thanks to Roli Züger!
  • #2380 Fixed: Styling HTML comments in a top-level element results in extra paragraphs.
  • #2294 Fixed: Pasting content from Microsoft Outlook and then bolding it results in an error.
  • #2035 [Edge] Fixed: Permission denied is thrown when opening a Panel instance.
  • #965 Fixed: The config.forceSimpleAmpersand option does not work. Thanks to Alex Maris!
  • #2448: Fixed: The [Escape HTML Entities] plugin with custom additional entities configuration breaks HTML escaping.
  • #898: Fixed: Enhanced Image long alternative text protrudes into the editor when the image is selected.
  • #1113: [Firefox] Fixed: Nested contenteditable elements path is not updated on focus with the Div Editing Area plugin.
  • #1682 Fixed: Hovering the Balloon Toolbar panel changes its size, causing flickering.
  • #421 Fixed: Expandable Button puts the (Selected) text at the end of the label when clicked.
  • #1454: Fixed: The onAbort method of the Upload Widget is not called when the loader is aborted.
  • #1451: Fixed: The context menu is incorrectly positioned when opened with Shift+F10.
  • #1722: CKEDITOR.filter.instances is causing memory leaks.
  • #2491: Fixed: The Mentions plugin is not matching diacritic characters.
  • #2519: Fixed: The Accessibility Help dialog should display all available keystrokes for a single command.

API Changes:

Other Changes:

  • #1713: Removed the redundant lang.title entry from the Clipboard plugin.

CKEditor 4.10.1

Fixed Issues:

  • #2114: Fixed: Autocomplete cannot be initialized before instanceReady.
  • #2107: Fixed: Holding and releasing the mouse button is not inserting an autocomplete suggestion.
  • #2167: Fixed: Matching in Emoji plugin is not case insensitive.
  • #2195: Fixed: Emoji shows the suggestion box when the colon is preceded with other characters than white space.
  • #2169: [Edge] Fixed: Error thrown when pasting into the editor.
  • #1084 Fixed: Using the "Automatic" option with Color Button on a text with the color already defined sets an invalid color value.
  • #2271: Fixed: Custom color name not used as a label in the Color Button plugin. Thanks to Eric Geloen!
  • #2296: Fixed: The Color Button plugin throws an error when activated on content containing HTML comments.
  • #966: Fixed: Executing editor.destroy() during the file upload throws an error. Thanks to Maksim Makarevich!
  • #1719: Fixed: Ctrl/Cmd + A inadvertently focuses inline editor if it is starting and ending with a list. Thanks to theNailz!
  • #1046: Fixed: Subsequent new links do not include the id attribute. Thanks to Nathan Samson!
  • #1348: Fixed: Enhanced Image plugin aspect ratio locking uses an old width and height on image URL change.
  • #1791: Fixed: Image and Enhanced Image plugins can be enabled when Easy Image is present.
  • #2254: Fixed: Image ratio locking is too precise for resized images. Thanks to Jonathan Gilbert!
  • #1184: [IE8-11] Fixed: Copying and pasting data in read-only mode throws an error.
  • #1916: [IE9-11] Fixed: Pressing the Delete key in read-only mode throws an error.
  • #2003: [Firefox] Fixed: Right-clicking multiple selected table cells containing empty paragraphs removes the selection.
  • #1816: Fixed: Table breaks when Enter is pressed over the Table Selection plugin.
  • #1115: Fixed: The <font> tag is not preserved when proper configuration is provided and a style is applied by the Font plugin.
  • #727: Fixed: Custom styles may be invisible in the Styles Combo plugin.
  • #988: Fixed: ACF-enabled custom elements prefixed with object, embed, param are removed from the editor content.

API Changes:

CKEditor 4.10

New Features:

  • #1751: Introduced the Autocomplete feature that consists of the following plugins:
  • #1703: Introduced the Mentions plugin providing smart completion feature for custom text matches based on user input starting with a chosen marker character.
  • #1746: Introduced the Emoji plugin providing completion feature for emoji ideograms.
  • #1761: The Auto Link plugin now supports email links.

Fixed Issues:

  • #1458: [Edge] Fixed: After blurring the editor it takes 2 clicks to focus a widget.
  • #1034: Fixed: JAWS leaves forms mode after pressing the Enter key in an inline editor instance.
  • #1748: Fixed: Missing CKEDITOR.dialog.definition.onHide API documentation. Thanks to sunnyone!
  • #1321: Fixed: Ideographic space character (\u3000) is lost when pasting text.
  • #1776: Fixed: Empty caption placeholder of the Image Base plugin is not hidden when blurred.
  • #1592: Fixed: The Image Base plugin caption is not visible after paste.
  • #620: Fixed: The config.forcePasteAsPlainText option is not respected in internal and cross-editor pasting.
  • #1467: Fixed: The resizing cursor of the Table Resize plugin appearing in the middle of a merged cell.

API Changes:

Other Changes:

  • Updated SCAYT (Spell Check As You Type) and WebSpellChecker (WSC) plugins:
    • Language dictionary update: Added support for the Uzbek Latin language.
    • Languages no longer supported as additional languages: Manx - Isle of Man (gv_GB) and Interlingua (ia_XR).
    • Extended and improved language dictionaries: Georgian and Swedish. Also added the missing word "Ensure" to the American, British and Canada English language.
    • #141 Fixed: SCAYT throws "Uncaught Error: Error in RangyWrappedRange module: createRange(): Parameter must be a Window object or DOM node".
    • #153 [Chrome] Fixed: Correcting a word in the widget in SCAYT moves focus to another editable.
    • #155 [IE8] Fixed: SCAYT throws an error and does not work.
    • #156 [IE10] Fixed: SCAYT does not seem to work.
    • Fixed: After some text is dragged and dropped, the markup is not refreshed for grammar problems in SCAYT.
    • Fixed: Request to FastCGI fails when the user tries to replace a word with non-English characters with a proper suggestion in WSC.
    • [Firefox] Fixed: Ctrl+Z removes focus in SCAYT.
    • Grammar support for default languages was improved.
    • New application source URL was added in SCAYT.
    • Removed green marks and legend related to grammar-supported languages in the Languages tab of SCAYT. Grammar is now supported for almost all the anguages in the list for an additional fee.
    • Fixed: JavaScript error in the console: "Cannot read property 'split' of undefined" in SCAYT and WSC.
    • [IE10] Fixed: Markup is not set for a specific case in SCAYT.
    • Fixed: Accessibility issue: No alt attribute for the logo image in the About tab of SCAYT.

CKEditor 4.9.2

Security Updates:

  • Fixed XSS vulnerability in the Enhanced Image (image2) plugin reported by Kyaw Min Thein.

    Issue summary: It was possible to execute XSS inside CKEditor using the <img> tag and specially crafted HTML. Please note that the default presets (Basic/Standard/Full) do not include this plugin, so you are only at risk if you made a custom build and enabled this plugin.

We would like to thank the Drupal security team for bringing this matter to our attention and coordinating the fix and release process!

CKEditor 4.9.1

Fixed Issues:

CKEditor 4.9

New Features:

  • #932: Introduced Easy Image feature for inserting images that are automatically rescaled, optimized, responsive and delivered through a blazing-fast CDN. Three new plugins were added to support it:
  • #1338: Keystroke labels are displayed for function keys (like F7, F8).
  • #643: The File Browser plugin can now upload files using XHR requests. This allows for setting custom HTTP headers using the config.fileTools_requestHeaders configuration option.
  • #1365: The File Browser plugin uses XHR requests by default.
  • #1399: Added the possibility to set CKEDITOR.config.startupFocus as start or end to specify where the editor focus should be after the initialization.
  • #1441: The Magic Line plugin line element can now be identified by the data-cke-magic-line="1" attribute.

Fixed Issues:

API Changes:

Other Changes:

  • Updated SCAYT (Spell Check As You Type) and WebSpellChecker (WSC) plugins:
    • SCAYT scayt_minWordLength configuration option now defaults to 3 instead of 4.
    • SCAYT default number of suggested words in the context menu changed to 3.
    • #90: Fixed: Selection is lost on link creation if SCAYT highlights the word.
    • Fixed: SCAYT crashes when the browser localStorage is disabled.
    • [IE11] Fixed: Unable to get property type of undefined or null reference error in the browser console when SCAYT is disabled/enabled.
    • #46: Fixed: Editing is blocked when remote spell checker server is offline.
    • Fixed: User Dictionary cannot be created in WSC due to You already have the dictionary error.
    • Fixed: Words with apostrophe ' on the replacement make the WSC dialog inaccessible.
    • Fixed: SCAYT/WSC causes the Uncaught TypeError error in the browser console.
  • #1337: Updated the samples layout with the new CKEditor 4 logo and color scheme.
  • #1591: CKBuilder and language tools are now downloaded over HTTPS. Thanks to August Detlefsen!

CKEditor 4.8

Important Notes:

New Features:

  • #933: Introduced Balloon Toolbar plugin.
  • #662: Introduced image inlining for the Paste from Word plugin.
  • #468: [Edge] Introduced support for the Clipboard API.
  • #607: Manually inserted Hex color is prefixed with a hash character (#) if needed. It ensures a valid Hex color value is used when setting the table cell border or background color with the Color Dialog window.
  • #584: Font size and Family and Format drop-downs are not toggleable anymore. Default option to reset styles added.
  • #856: Introduced the CKEDITOR.tools.keystrokeToArray() method. It converts a keystroke into its string representation, returning every key name as a separate array element.
  • #1053: Introduced the CKEDITOR.tools.object.merge() method. It allows to merge two objects, returning the new object with all properties from both objects deeply cloned.
  • #1073: Introduced the CKEDITOR.tools.array.every() method. It invokes a given test function on every array element and returns true if all elements pass the test.

Fixed Issues:

  • #796: Fixed: A list is pasted from OneNote in the reversed order.
  • #834: [IE9-11] Fixed: The editor does not save the selected state of radio buttons inserted by the Form Elements plugin.
  • #704: [Edge] Fixed: Using Ctrl/Cmd + Z breaks widget structure.
  • #591: Fixed: A column is inserted in a wrong order inside the table if any cell has a vertical split.
  • #787: Fixed: Using Cut inside a nested table does not cut the selected content.
  • #842: Fixed: List style not restored when toggling list indent level in the Indent List plugin.
  • #711: Fixed: Dragging widgets should only work with the left mouse button.
  • #862: Fixed: The "Object Styles" group in the Styles Combo plugin is visible only if the whole element is selected.
  • #994: Fixed: Typo in the CKEDITOR.focusManager.focus() API documentation. Thanks to benjy!
  • #1014: Fixed: The Table Tools Cell Properties dialog is now Advanced Content Filter aware — it is not possible to change the cell width or height if corresponding styles are disabled.
  • #877: Fixed: A list with custom bullets with exotic characters crashes the editor when pasted from Word.
  • #605: Fixed: Inline widgets do not preserve trailing spaces.
  • #1008: Fixed: Shorthand Hex colors from the config.colorButton_colors option are not correctly highlighted in the Color Button Text Color or Background Color panel.
  • #1094: Fixed: Widget definition upcast methods are called for every element.
  • #1057: Fixed: The Notification plugin overwrites Web Notifications API due to leakage to the global scope.
  • #1068: Fixed: Upload widget paste listener ignores changes to the uploadWidgetDefinition.
  • #921: Fixed: [Edge] CKEditor erroneously perceives internal copy and paste as type "external".
  • #1213: Fixed: Multiple images uploaded using Upload Image plugin are randomly duplicated or mangled.
  • #532: Fixed: Removed an outdated user guide link from the About dialog.
  • #1221: Fixed: Invalid CSS loaded by Balloon Panel plugin when config.skin is loaded using a custom path.
  • #522: Fixed: Widget selection is not removed when widget is inside table cell with Table Selection plugin enabled.
  • #1027: Fixed: Cannot add multiple images to the table with Table Selection plugin in certain situations.
  • #1069: Fixed: Wrong shape processing by Paste from Word plugin.
  • #995: Fixed: Hyperlinked image gets inserted twice by Paste from Word plugin.
  • #1287: Fixed: Widget plugin throws exception if included in editor build but not loaded into editor's instance.

API Changes:

Other Changes:

  • #815: Removed Node.js dependency from the CKEditor build script.
  • #1041, #1131: Updated URLs pointing to CKSource and CKEditor resources after the launch of new websites.

CKEditor 4.7.3

New Features:

Fixed Issues:

  • #554: Fixed: change event not fired when typing the first character after pasting into the editor. Thanks to Daniel Miller!
  • #566: Fixed: The CSS border shorthand property with zero width (border: 0px solid #000;) causes the table to have the border attribute set to 1.
  • #779: Fixed: The Remove Format plugin removes elements with language definition inserted by the Language plugin.
  • #423: Fixed: The Paste from Word plugin pastes paragraphs into the editor even if CKEDITOR.config.enterMode is set to CKEDITOR.ENTER_BR.
  • #719: Fixed: Image inserted using the Enhanced Image plugin can be resized when the editor is in read-only mode.
  • #577: Fixed: The "Delete Columns" command provided by the Table Tools plugin throws an error when trying to delete columns.
  • #867: Fixed: Typing into a selected table throws an error.
  • #817: Fixed: The Save plugin does not work in Source Mode.

Other Changes:

CKEditor 4.7.2

New Features:

Fixed Issues:

  • #663: [Chrome] Fixed: Clicking the scrollbar throws an Uncaught TypeError: element.is is not a function error.
  • #694: Refactoring in the Table Selection plugin:
    • #520: Fixed: Widgets cannot be properly pasted into a table cell.
    • #460: Fixed: Editor gone after pasting into an editor within a table.
  • #579: Fixed: Internal cke_table-faked-selection-table class is visible in the Stylesheet Classes field of the Table Properties dialog.
  • #545: [Edge] Fixed: Error thrown when pressing the Select All button in Source Mode.
  • #582: Fixed: Double slash in the path to stylesheet needed by the Table Selection plugin. Thanks to Marius Dumitru Florea!
  • #491: Fixed: Unnecessary dependency on the Editor Toolbar plugin inside the Notification plugin.
  • #646: Fixed: Error thrown into the browser console after opening the Styles Combo plugin menu in the editor without any selection.
  • #501: Fixed: Double click does not open the dialog for modifying anchors inserted via the Link plugin.
  • #9780: [IE8-9] Fixed: Clicking inside an empty read-only editor throws an error.
  • #16820: [IE10] Fixed: Clicking below a single horizontal rule throws an error.
  • #426: Fixed: The range.cloneContents() method selects the whole element when the selection starts at the beginning of that element.
  • #644: Fixed: The range.extractContents() method returns an incorrect result when multiple nodes are selected.
  • #684: Fixed: The elementPath.contains() method incorrectly excludes the last element instead of root when the fromTop parameter is set to true.

Other Changes:

CKEditor 4.7.1

New Features:

Fixed Issues:

  • #515: [Chrome] Fixed: Mouse actions on CKEditor scrollbar throw an exception when the Table Selection plugin is loaded.
  • #493: Fixed: Selection started from a nested table causes an error in the browser while scrolling down.
  • #415: [Firefox] Fixed: Enter key breaks the table structure when pressed in a table selection.
  • #457: Fixed: Error thrown when deleting content from the editor with no selection.
  • #478: [Chrome] Fixed: Error thrown by the Enter Key plugin when pressing Enter with no selection.
  • #424: Fixed: Error thrown by Tab Key Handling and Indent List plugins when pressing Tab with no selection in inline editor.
  • #476: Fixed: Anchors inserted with the Link plugin on collapsed selection cannot be edited.
  • #417: Fixed: The Table Resize plugin throws an error when used with a table with only header or footer rows.
  • #523: Fixed: The editor.getCommandKeystroke() method does not obtain the correct keystroke.
  • #534: [IE] Fixed: Paste from Word does not work in Quirks Mode.
  • #450: Fixed: CKEDITOR.filter incorrectly transforms the margin CSS property.

CKEditor 4.7

Important Notes:

  • #13793: The embed_provider configuration option for the Media Embed and Semantic Media Embed plugins is no longer preset by default.
  • The UI Color plugin now uses a custom color picker instead of the YUI 2.7.0 library which has some known vulnerabilities (it's a security precaution, there was no security issue in CKEditor due to the way it was used).

New Features:

Fixed Issues:

  • #16935: [Chrome] Fixed: Blurring the editor in Source Mode throws an error.
  • #16825: [Chrome] Fixed: Error thrown when destroying a focused inline editor.
  • #16857: Fixed: Ctrl+Shift+V blocked by Copy Formatting.
  • #16845: [IE] Fixed: Cursor jumps to the top of the scrolled editor after focusing it when the Copy Formatting plugin is enabled.
  • #16786: Fixed: Added missing translations for the Copy Formatting plugin.
  • #14714: [WebKit/Blink] Fixed: Exception thrown on refocusing a blurred inline editor.
  • #16913: [Firefox, IE] Fixed: Paste as Plain Text keystroke does not work.
  • #16968: Fixed: [Safari] Paste as Plain Text is not handled by the editor.
  • #16912: Fixed: Exception thrown when a single image is pasted using Paste from Word.
  • #16821: Fixed: Extraneous <span> elements with height style stacked when pasting from Word.
  • #16866: [IE, Edge] Fixed: Whitespaces not preserved when pasting from Word.
  • #16860: Fixed: Paragraphs which only look like lists incorrectly transformed into them when pasting from Word.
  • #16817: Fixed: When pasting from Word, paragraphs are transformed into lists with some corrupted data.
  • #16833: [IE11] Fixed: Malformed list with headers pasted from Word.
  • #16826: [IE] Fixed: Superfluous paragraphs within lists pasted from Word.
  • #12465: Fixed: Cannot change the state of checkboxes or radio buttons if the properties dialog was invoked with a double-click.
  • #13062: Fixed: Impossible to unlink when the caret is at the edge of the link.
  • #13585: Fixed: Error when wrapping two adjacent <div> elements with a <div>.
  • #16811: Fixed: Table alignment is not preserved by the Paste from Word plugin.
  • #16810: Fixed: Vertical align in tables is not supported by the Paste from Word plugin.
  • #11956: [Blink, IE] Fixed: Link dialog does not open on a double click on the second word of the link with a background color or other styles.
  • #10472: Fixed: Unable to use Table Resize on table header and footer.
  • #14762: Fixed: Hovering over an empty table (without rows or cells) throws an error when the Table Resize plugin is active.
  • #16777: [Edge] Fixed: The Clipboard plugin does not allow to drop widgets into the editor.
  • #14894: [Chrome] Fixed: The editor scrolls to the top after focusing or when a dialog is opened.
  • #14769: Fixed: URLs with '-' in host are not detected by the Auto Link plugin.
  • #16804: Fixed: Focus is not on the first menu item when the user opens a context menu or a drop-down list from the editor toolbar.
  • #14407: [IE] Fixed: Non-editable widgets can be edited.
  • #16927: Fixed: An error thrown if a bundle containing the Color Button plugin is run in ES5 strict mode. Thanks to Igor Rubinovich!
  • #16920: Fixed: Several plugins not using the Dialog plugin as a direct dependency.
  • PR#336: Fixed: Typo in CKEDITOR.getCss() API documentation. Thanks to knusperpixel!
  • #17027: Fixed: Command event data should be initialized as an empty object.
  • Fixed the behavior of HTML parser when parsing src/srcdoc attributes of the <iframe> element in a CKEditor setup with ACF turned off and without the Iframe Dialog plugin. The issue was originally reported as a security issue by Sriramk21 from Pegasystems and was later downgraded by the security team into a normal issue due to the requirement of having ACF turned off. Disabling Advanced Content Filter is against security best practices, so the problem described above has not been considered a security issue as such.

Other Changes:

  • Updated SCAYT (Spell Check As You Type) and WebSpellChecker plugins:
    • Fixed: DOM Exception after clicking "Remove Language" on a selected word with enabled Language plugin in SCAYT.
  • #16958: Switched the default MathJax CDN provider for the Mathematical Formulas plugin from cdn.mathjax.org to cdnjs, due to closing of cdn.mathjax.org scheduled for April 30, 2017.
  • #16954: Removed the paste dialog.
  • #16982: Latest Safari now supports enhanced Clipboard API introduced in CKEditor 4.5.0.
  • #17025: Updated Bender.js to 0.4.2.

CKEditor 4.6.2

New Features:

Fixed Issues:

CKEditor 4.6.1

New Features:

Fixed Issues:

  • #11064: [Blink, WebKit] Fixed: Cannot select all editor content when a widget or a non-editable element is the first or last element of the content. Also fixes this issue in the Select All plugin.
  • #14755: [Blink, WebKit, IE8] Fixed: Browser hangs when a table is inserted in the place of a selected list with an empty last item.
  • #16624: Fixed: Improved the Color Button plugin which will now normalize the CSS background property if it only contains a color value. This fixes missing background colors when using Paste from Word.
  • #16600: [Blink, WebKit] Fixed: Error thrown occasionally by an uninitialized editable for multiple CKEditor instances on the same page.

CKEditor 4.6

New Features:

Fixed Issues:

Other Changes:

  • Updated SCAYT (Spell Check As You Type) and WebSpellChecker plugins:
    • Support for the new default Moono-Lisa skin.
    • #121: Fixed: Basic Styles do not work when SCAYT is enabled.
    • #125: Fixed: Inline styles are not continued when writing multiple lines of styled text with SCAYT enabled.
    • #127: Fixed: Uncaught TypeError after enabling SCAYT in the CKEditor <div> element.
    • #128: Fixed: Error thrown after enabling SCAYT caused by conflicts with RequireJS.

CKEditor 4.5.11

Security Updates:

  • [Severity: minor] Fixed the target="_blank" vulnerability reported by James Gaskell.

    Issue summary: If a victim had access to a spoofed version of ckeditor.com via HTTP (e.g. due to DNS spoofing, using a hacked public network or mailicious hotspot), then when using a link to the ckeditor.com website it was possible for the attacker to change the current URL of the opening page, even if the opening page was protected with SSL.

    An upgrade is recommended.

New Features:

Fixed Issues:

  • #13362: [Blink, WebKit] Fixed: Active widget element is not cached when it is losing focus and it is inside an editable element.
  • #13755: [Edge] Fixed: Pasting images does not work.
  • #13548: [IE] Fixed: Clicking the elements path disables Cut and Copy icons.
  • #13812: Fixed: When aborting file upload the placeholder for image is left.
  • #14659: [Blink] Fixed: Content scrolled to the top after closing the dialog in a <div>-based editor.
  • #14825: [Edge] Fixed: Focusing the editor causes unwanted scrolling due to dropped support for the setActive() method.

CKEditor 4.5.10

Fixed Issues:

  • #10750: Fixed: The editor does not escape the font-style family property correctly, removing quotes and whitespace from font names.
  • #14413: Fixed: The Auto Grow plugin with the config.autoGrow_onStartup option set to true does not work properly for an editor that is not visible.
  • #14451: Fixed: Numeric element ID not escaped properly. Thanks to Jakub Chalupa!
  • #14590: Fixed: Additional line break appearing after inline elements when switching modes. Thanks to dpidcock!
  • #14539: Fixed: JAWS reads "selected Blank" instead of "selected " when selecting a widget.
  • #14701: Fixed: More precise labels for Enhanced Image and Placeholder widgets.
  • #14667: [IE] Fixed: Removing background color from selected text removes background color from the whole paragraph.
  • #14252: [IE] Fixed: Styles drop-down list does not always reflect the current style of the text line.
  • #14275: [IE9+] Fixed: onerror and onload events are not used in browsers it could have been used when loading scripts dynamically.

CKEditor 4.5.9

Fixed Issues:

CKEditor 4.5.8

New Features:

Fixed Issues:

CKEditor 4.5.7

New Features:

Fixed Issues:

CKEditor 4.5.6

New Features:

Other Changes:

  • Updated SCAYT (Spell Check As You Type):
    • New features:
    • Fixed issues:
      • #98: SCAYT affects dialog double-click. Fixed in SCAYT core.
      • #102: SCAYT core performance enhancements.
      • #104: SCAYT's spans leak into the clipboard and after pasting.
      • #105: A JavaScript error fired in case of multiple instances of CKEditor on one page.
      • #107: SCAYT should not check non-editable parts of content.
      • #108: Latest SCAYT copies the ID of the editor element to the iframe.
      • SCAYT stops working when CKEditor Undo plugin not enabled.
      • Issue with pasting SCAYT markup in CKEditor.
      • SCAYT stops working after pressing the Cancel button in the WSC dialog.

CKEditor 4.5.5

Fixed Issues:

  • #13887: Fixed: Link plugin alters the target attribute value. Thanks to SamZiemer!
  • #12189: Fixed: The Link plugin dialog does not display the subject of email links if the subject parameter is not lowercase.
  • #9192: Fixed: An undefined string is appended to an email address added with the Link plugin if subject and email body are empty and config.emailProtection is set to encode.
  • #13790: Fixed: It is not possible to destroy the editor <iframe> after the editor was detached from DOM. Thanks to Stefan Rijnhart!
  • #13803: Fixed: The editor cannot be destroyed before being fully initialized. Thanks to Cyril Fluck!
  • #13867: Fixed: CKEditor does not work when the classList polyfill is used.
  • #13885: Fixed: Enhanced Image requires the Link plugin to link an image.
  • #13883: Fixed: Copying a table using the context menu strips off styles.
  • #13872: Fixed: Cutting is possible in the read-only mode.
  • #12848: [Blink] Fixed: Opening the Find and Replace dialog window in the read-only mode throws an exception.
  • #13879: Fixed: It is not possible to prevent the editor.drop event.
  • #13361: Fixed: Skin images fail when the site path includes parentheses because the background-image path needs single quotes around the URL value.
  • #13771: Fixed: The contents.css style is not used if the IFrame Editing Area plugin is missing.
  • #13782: Fixed: Unclear log messages.
  • #13919: [Edge] Fixed: Browser window crashes when accessing the isContentEditable property of an <input> DOM element.

Other Changes:

  • #13859: Test cases created with bender.tools.createTestsForEditors will also receive editor bot as a second parameter.

CKEditor 4.5.4

New Features:

  • #13632: Introduce error logging mechanism.
  • #13730: Switch to the new error logging mechanism.

Fixed Issues:

  • #9856: Fixed: Cannot use the native context menu together with the Div Editing Area plugin. Thanks to Mark Wade!
  • #12733: [IE9+] Fixed: Radio button onChange does not work. Thanks to Iliya Kostadinov!
  • #13142: [Edge] Fixed: Ctrl+A and then Backspace result in an empty <div> element.
  • #13599: Fixed: Cross-editor drag and drop of an inline widget results in error/artifacts.
  • #13640: [IE] Fixed: Dropping a widget outside the <body> element is not handled correctly.
  • #13533: Fixed: No progress during upload.
  • #13680: Fixed: The parser should allow the <h1-6> element to be a child of the <summary> element.
  • #11724: [Touch devices] Fixed: Drop-downs often hide right after opening them.
  • #13690: Fixed: Copying content from IE to Chrome adds an extra paragraph.
  • #13284: Fixed: Cannot drag and drop a widget if the text caret is placed just after the widget instance.
  • #13516: Fixed: CKEditor removes empty HTML5 anchors without the name attribute.
  • #13765: [Safari 9] Fixed: Problems with rendering samples.

Other Changes:

CKEditor 4.5.3

New Features:

Fixed Issues:

  • #13590: Fixed: Various issues related to the Paste from Word feature. Fixes also:
  • #13386: [Edge] Fixed: Issues with selecting and editing images.
  • #13568: Fixed: The editor.getSelectedHtml() method returns invalid results for entire content selection.
  • #13453: Fixed: Drag&drop of entire editor content throws an error.
  • #13465: Fixed: Error is thrown and the widget is lost on drag&drop if it is the only content of the editor.
  • #13414: Fixed: Content auto paragraphing in a nested editable despite editor configuration.
  • #13429: Fixed: Incorrect selection after content insertion by the Auto Embed plugin.
  • #13388: Fixed: Table Resize integration with Undo is broken.

Other Changes:

  • #13637: Several icons were refactored.
  • Updated Bender.js to 0.3.0 and introduced the ability to run tests via HTTPs (#13265).

CKEditor 4.5.2

Fixed Issues:

  • #13609: [Edge] Fixed: The browser crashes when switching to the source mode. Thanks to Andrew Williams and Mark Smeed!
  • PR#201: Fixed: Buttons in the toolbar configurator cause form submission. Thanks to colemanw!
  • #13422: Fixed: A monospaced font should be used in the <textarea> element storing editor configuration in the toolbar configurator.
  • #13494: Fixed: Error thrown in the toolbar configurator if plugin requirements are not met.
  • #13409: Fixed: List elements incorrectly merged when pressing Backspace or Delete.
  • #13434: Fixed: Dialog state indicator broken in Right–To–Left environments.
  • #13460: [IE8] Fixed: Copying inline widgets is broken when Advanced Content Filter is disabled.
  • #13495: [Firefox, IE] Fixed: Text is not word-wrapped in the Paste dialog window.
  • #13528: [Firefox@Windows] Fixed: Content copied from Microsoft Word and other external applications is pasted as a plain text. Removed the CKEDITOR.plugins.clipboard.isHtmlInExternalDataTransfer property as the check must be dynamic.
  • #13583: Fixed: DataTransfer.getData() should work consistently in all browsers and should not strip valuable content. Fixed pasting tables from Microsoft Excel on Chrome.
  • #13468: [IE] Fixed: Binding drag&drop dataTransfer does not work if text data was set in the meantime.
  • #13451: [IE8-9] Fixed: One drag&drop operation may affect following ones.
  • #13184: Fixed: Web page reloaded after a drop on editor UI.
  • #13129 Fixed: Block widget blurred after a drop followed by an undo.
  • #13397: Fixed: Drag&drop of a widget inside its nested widget crashes the editor.
  • #13385: Fixed: editor.getSnapshot() may return a non-string value.
  • #13419: Fixed: The Auto Link plugin does not encode double quotes in URLs.
  • #13420: Fixed: The Auto Embed plugin ignores encoded characters in URL parameters.
  • #13410: Fixed: Error thrown in the Auto Embed plugin when undoing right after pasting a link.
  • #13566: Fixed: Suppressed notifications in the Media Embed Base plugin.
  • #11616: [Chrome] Fixed: Resizing the editor while it is not displayed breaks the editable. Fixes also #9160 and #9715.
  • #11376: [IE11] Fixed: Loss of text when pasting bulleted lists from Microsoft Word.
  • #13143: [Edge] Fixed: Focus lost when opening the panel.
  • #13387: [Edge] Fixed: "Permission denied" error thrown when loading the editor with developer tools open.
  • #13574: [Edge] Fixed: "Permission denied" error thrown when opening editor dialog windows.
  • #13441: [Edge] Fixed: The Clipboard plugin breaks the state of Undo commands after a paste.
  • #13554: [Edge] Fixed: Paste dialog's iframe does not receive focus on show.
  • #13440: [Edge] Fixed: Unable to paste a widget.

Other Changes:

CKEditor 4.5.1

Fixed Issues:

  • #13486: Fixed: The Upload Image plugin should log an error, not throw an error when upload URL is not set.

CKEditor 4.5

New Features:

Fixed Issues:

  • #13334: Fixed: Error after nesting widgets and playing with undo/redo.
  • #13118: Fixed: The editor.getSelectedHtml() method throws an error when called in the source mode.
  • #13158: Fixed: Error after canceling a dialog when creating a widget.
  • #13197: Fixed: Linked inline Enhanced Image alignment class is not transferred to the widget wrapper.
  • #13199: Fixed: Semantic Embed does not support widget classes.
  • #13003: Fixed: Anchors are uploaded when moving them by drag and drop.
  • #13032: Fixed: When upload is done, notification update should be marked as important.
  • #13300: Fixed: The internalCommit argument in the Image dialog seems to be never used.
  • #13036: Fixed: Notifications are moved 10px to the right.
  • #13280: [IE8] Fixed: Undo after inline widget drag&drop throws an error.
  • #13186: Fixed: Content dropped into a nested editable is not filtered by Advanced Content Filter.
  • #13140: Fixed: Error thrown when dropping a block widget right after itself.
  • #13176: [IE8] Fixed: Errors on drag&drop of embed widgets.
  • #13015: Fixed: Dropping an image file on Enhanced Image causes a page reload.
  • #13080: Fixed: Ugly notification shown when the response contains HTML content.
  • #13011: [IE8] Fixed: Anchors are duplicated on drag&drop in specific locations.
  • #13105: Fixed: Various issues related to CKEDITOR.tools.htmlEncode() and CKEDITOR.tools.htmlDecode() methods.
  • #11976: [Chrome] Fixed: Copy&paste and drag&drop lists from Microsoft Word.
  • #13128: Fixed: Various issues with cloning element IDs:
  • Toolbar configurators:
    • #13185: Fixed: Wrong position of the suggestion box if there is not enough space below the caret.
    • #13138: Fixed: The "Toggle empty elements" button label is unclear.
    • #13136: Fixed: Autocompleter is far too intrusive.
    • #13133: Fixed: Tab leaves the editor.
    • #13173: Fixed: config.removeButtons is ignored by the advanced toolbar configurator.

Other Changes:

CKEditor 4.5 Beta

New Features:

  • Clipboard (copy&paste, drag&drop) and file uploading features and improvements (#11437).

    • Major features:

      • Support for dropping and pasting files into the editor was introduced. Through a set of new facades for native APIs it is now possible to easily intercept and process inserted files.
      • File upload tools were introduced in order to simplify controlling the loading, uploading and handling server response, properly handle new upload configuration options, etc.
      • Upload Image widget was introduced to upload dropped images. A base class for the upload widget was exposed, too, to make it simple to create new types of upload widgets which can handle any type of dropped file, show the upload progress and update the content when the process is done. It also handles editing and undo/redo operations when a file is being uploaded and integrates with the notification aggregator to show progress and success or error.
      • All drag and drop operations were integrated with the editor. All dropped content is passed through the editor#paste event and a set of new editor events was introduced — dragstart, drop, dragend.
      • The Data Transfer facade was introduced to unify access to data in various types and files. Data Transfer is now always available in the editor#paste event.
      • Switched from the pastebin to using the native clipboard access whenever possible. This solved many issues related to pastebin such as unnecessary scrolling or data loss. Additionally, on copy and cut from the editor the clipboard data is set. Therefore, on paste the editor has access to clean data, undisturbed by the browsers.
      • Drag and drop of inline and block widgets was integrated with the standard clipboard APIs. By listening to drag events you will thus be notified about widgets, too. This opens a possibility to filter pasted and dropped widgets.
      • The editor#paste event can have the range parameter so it is possible to change the paste position in the listener or paste in the not selectable position. Also the editor.insertHtml() method now accepts range as an additional parameter.
      • #11621: A configurable paste filter was introduced. The filter is by default turned to 'semantic-content' on Webkit and Blink for all pasted content coming from external sources because of the low quality of HTML that these engines put into the clipboard. Internal and cross-editor paste is safe due to the change explained in the previous point.
    • Other changes and related fixes:

      • #12095: On drag and copy of widgets the same method is used to get selected HTML as in the normal case. Thanks to that styles applied to inline widgets are not lost.
      • #11219: Fixed: Dragging a captioned image does not fire the editor#paste event.
      • #9554: [Webkit Mac] Fixed: Editor scrolls on paste.
      • #9898: [Webkit&Divarea] Fixed: Pasting causes undesirable scrolling.
      • #11993: [Chrome] Fixed: Pasting content scrolls the document.
      • #12613: Show the user that they can not drop on editor UI (toolbar, bottom bar).
      • #12851: [Blink/Webkit] Fixed: Formatting disappears when pasting content into cells.
      • #12914: Fixed: Copy/Paste of table broken in div-based editor.
    • Browser support.
      Browser support for related features varies significantly (see http://caniuse.com/clipboard).

      • File APIs needed to operate and file upload is not supported in Internet Explorer 9 and below.
      • Only Chrome and Safari on Mac OS support setting custom data items in the clipboard, so currently it is possible to recognize the origin of the copied content in these browsers only. All drag and drop operations can be identified thanks to the new Data Transfer facade.
      • No Internet Explorer browser supports the standard clipboard API which results in small glitches like where only plain text can be dropped from outside the editor. Thanks to the new Data Transfer facade, internal and cross-editor drag and drop supports the full range of data.
      • Direct access to clipboard could only be implemented in Chrome, Safari on Mac OS, Opera and Firefox. In other browsers the pastebin must still be used.
  • #12875: Samples and toolbar configuration tools.

    • The old set of samples shipped with every CKEditor package was replaced with a shiny new single-page sample. This change concluded a long term plan which started from introducing the CKEditor SDK and CKEditor Features Overview section in the documentation which essentially redefined the old samples.
    • Toolbar configurators with live previews were introduced. They will be shipped with every CKEditor package and are meant to help in configuring toolbar layouts.
  • #10925: The Media Embed and Semantic Media Embed plugins were introduced. Read more about the new features in the Embedding Content article.

  • #10931: Added support for nesting widgets. It is now possible to insert one widget into another widget's nested editable. Note that unless nested editable's allowed content is defined precisely, starting from CKEditor 4.5 some widget buttons may become enabled. This feature is not supported in IE8. Included issues:

    • #12018: Fixed and reviewed: Nested widgets garbage collection.
    • #12024: [Firefox] Fixed: Outline is extended to the left by unpositioned drag handlers.
    • #12006: Fixed: Drag and drop of nested block widgets.
    • #12008: Fixed various cases of inserting a single non-editable element using the editor.insertHtml() method. Fixes pasting a widget with a nested editable inside another widget's nested editable.
  • Notification system:

  • #11636: Introduced new, UX-focused, methods for getting selected HTML and deleting it — editor.getSelectedHtml() and editor.extractSelectedHtml().

  • #12416: Added the widget.definition.upcastPriority property which gives more control over widget upcasting order to the widget author.

  • #12036: Initialize the editor in read-only mode when the <textarea> element has a readonly attribute.

  • #11905: The resize event passes the current dimensions in its data.

  • #12126: Introduced config.image_prefillDimensions and config.image2_prefillDimensions to make pre-filling width and height configurable for the Enhanced Image.

  • #12746: Added a new configuration option to hide the Enhanced Image resizer.

  • #12150: Exposed the getNestedEditable() and is* widget helper functions (see the static methods).

  • #12448: Introduced the editable.insertHtmlIntoRange method.

  • #12143: Added the config.floatSpacePreferRight configuration option that switches the alignment of the floating toolbar. Thanks to InvisibleBacon!

  • #10986: Added support for changing dialog input and textarea text directions by using the Shift+Alt+Home/End keystrokes. The direction is stored in the value of the input by prepending the \u202A or \u202B marker to it. Read more in the documentation. Thanks to edithkk!

  • #12770: Added support for passing widget's startup data as a widget command's argument. Thanks to Rebrov Boris and Tieme van Veen!

  • #11583: Added support for the HTML5 required attribute in various form elements. Thanks to Steven Busse!

Changes:

  • #12858: Basic Spartan browser compatibility. Full compatibility will be introduced later, because at the moment Spartan is still too unstable to be used for tests and we see many changes from version to version.
  • #12948: The config.mathJaxLibrary option does not default to the MathJax CDN any more. It needs to be configured to enable the Mathematical Formulas plugin now.
  • #13069: Fixed inconsistencies between editable.insertHtml() and editable.insertElement() when the range parameter is used. Now, the editor.insertElement() method works on a higher level, which means that it saves undo snapshots and sets the selection after insertion. Use the editable.insertElementIntoRange() method directly for the pre 4.5 behavior of editable.insertElement().
  • #12870: Use editor.showNotification() instead of alert() directly whenever possible. When the Notification plugin is loaded, the notification system is used automatically. Otherwise, the native alert() is displayed.
  • #8024: Swapped behavior of the Split Cell Vertically and Horizontally features of the Table Tools plugin to be more intuitive. Thanks to kevinisagit!
  • #10903: Performance improvements for the dom.element.addClass(), dom.element.removeClass() and dom.element.hasClass() methods. Note: The previous implementation allowed passing multiple classes to addClass() although it was only a side effect of that implementation. The new implementation does not allow this.
  • #11856: The jQuery adapter throws a meaningful error if CKEditor or jQuery are not loaded.

Fixed issues:

  • #11586: Fixed: range.cloneContents() should not change the DOM in order not to affect selection.
  • #12148: Fixed: dom.element.getChild() should not modify a passed array.
  • #12503: [Blink/Webkit] Fixed: Incorrect result of Select All and Backspace or Delete.
  • #13001: [Firefox] Fixed: The <br /> filler is placed in the wrong position by the range.fixBlock() method due to quirky Firefox behavior.
  • #13101: [IE8] Fixed: Colons are prepended to HTML5 element names when cloning them.

CKEditor 4.4.8

Security Updates:

  • Fixed XSS vulnerability in the HTML parser reported by Dheeraj Joshi and Prem Kumar.

    Issue summary: It was possible to execute XSS inside CKEditor after persuading the victim to: (i) switch CKEditor to source mode, then (ii) paste a specially crafted HTML code, prepared by the attacker, into the opened CKEditor source area, and (iii) switch back to WYSIWYG mode.

An upgrade is highly recommended!

Fixed Issues:

Other Changes:

CKEditor 4.4.7

Fixed Issues:

  • #12825: Fixed: Preventing the Table Resize plugin from operating on elements outside the editor. Thanks to Paul Martin!
  • #12157: Fixed: Lost text formatting on pressing Tab when the config.tabSpaces configuration option value was greater than zero.
  • #12777: Fixed: The table-layout CSS property should be reset by skins. Thanks to vita10gy!
  • #12812: Fixed: An uncaught security exception is thrown when Line Utilities are used in an inline editor loaded in a cross-domain iframe. Thanks to Vitaliy Zurian!
  • #12735: Fixed: config.fillEmptyBlocks should only apply when outputting data.
  • #10032: Fixed: Paste from Word filter is executed for every paste after using the button.
  • #12597: [Blink/WebKit] Fixed: Multi-byte Japanese characters entry not working properly after Shift+Enter.
  • #12387: Fixed: An error is thrown if a skin does not have the chameleon property defined and config.uiColor is defined.
  • #12747: [IE8-10] Fixed: Opening a drop-down for a specific selection when the editor is maximized results in incorrect drop-down panel position.
  • #12850: [IEQM] Fixed: An error is thrown after focusing the editor.

CKEditor 4.4.6

Security Updates:

  • Fixed XSS vulnerability in the HTML parser reported by Maco Cortes.

    Issue summary: It was possible to execute XSS inside CKEditor after persuading the victim to: (i) switch CKEditor to source mode, then (ii) paste a specially crafted HTML code, prepared by the attacker, into the opened CKEditor source area, and (iii) switch back to WYSIWYG mode.

An upgrade is highly recommended!

New Features:

Fixed Issues:

  • #12506: [Safari] Fixed: Cannot paste into inline editor if the page has user-select: none style. Thanks to shaohua!
  • #12683: Fixed: Filter fails to remove custom tags. Thanks to timselier!
  • #12489 and #12491: Fixed: Various issues related to restoring the selection after performing operations on filler character. See the fixed cases.
  • #12621: Fixed: Cannot remove inline styles (bold, italic, etc.) in empty lines.
  • #12630: [Chrome] Fixed: Selection is placed outside the paragraph when the New Page button is clicked. This patch significantly simplified the way how the initial selection (a selection after the content of the editable is overwritten) is being fixed. That might have fixed many related scenarios in all browsers.
  • #11647: Fixed: The editor.blur event is not fired on first blur after initializing the inline editor on an already focused element.
  • #12601: Fixed: Strikethrough button tooltip spelling.
  • #12546: Fixed: The Preview tab in the Document Properties dialog window is always disabled.
  • #12300: Fixed: The editor.change event fired on first navigation key press after typing.
  • #12141: Fixed: List items are lost when indenting a list item with content wrapped with a block element.
  • #12515: Fixed: Cursor is in the wrong position when undoing after adding an image and typing some text.
  • #12484: [Blink/WebKit] Fixed: DOM is changed outside the editor area in a certain case.
  • #12688: Improved the tests of the styles system and fixed two minor issues.
  • #12403: Fixed: Changing the font style should not lead to nesting it in the previous style element.
  • #12609: Fixed: Incorrect config.magicline_putEverywhere name used for a Magic Line all-encompassing config.magicline_everywhere configuration option.

CKEditor 4.4.5

New Features:

Fixed Issues:

  • #12423: [Safari7.1+] Fixed: Enter key moved cursor to a strange position.
  • #12381: [iOS] Fixed: Selection issue. Thanks to Remiremi!
  • #10804: Fixed: CKEDITOR_GETURL is not used with some plugins where it should be used. Thanks to Thomas Andraschko!
  • #9137: Fixed: The <base> tag is not created when <head> has an attribute. Thanks to naoki.fujikawa!
  • #12377: Fixed: Errors thrown in the Image plugin when removing preview from the dialog window definition. Thanks to Axinet!
  • #12162: Fixed: Auto paragraphing and Enter key in nested editables.
  • #12315: Fixed: Marked config.autoParagraph as deprecated.
  • #12113: Fixed: A code snippet should be presented in the elements path as "code snippet" (translatable).
  • #12311: Fixed: Remove Format should also remove <cite> elements.
  • #12261: Fixed: The filter is not destroyed and removed from CKEDITOR.filter.instances on editor destroy.
  • #12398: Fixed: Maximize does not work on an instance without a title.
  • #12097: Fixed: JAWS not reading the number of options correctly in the Text Color and Background Color button menu.
  • #12411: Fixed: Page Break used directly in the editable breaks the editor.
  • #12354: Fixed: Various issues in undo manager when holding keys.
  • #12324: [IE8] Fixed: Undo steps are not recorded when changing the caret position by clicking below the body.
  • #12332: Fixed: Lowered DOM events listeners' priorities in undo manager in order to avoid ambiguity.
  • #12402: [Blink] Fixed: Workaround for Blink bug with document.title which breaks updating title in the full HTML mode.
  • #12338: Fixed: The CKEditor package contains unoptimized images.

CKEditor 4.4.4

Fixed Issues:

  • #12268: Cleanup of UI Color YUI styles. Thanks to CasherWest!
  • #12263: Fixed: Paste from Word filter does not properly normalize semicolons style text. Thanks to Alin Purcaru!
  • #12243: Fixed: Text formatting lost when pasting from Word. Thanks to Alin Purcaru!
  • #111739: Fixed: keypress listeners should not be used in the undo manager. A complete rewrite of keyboard handling in the undo manager was made. Numerous smaller issues were fixed, among others:
  • #10916: Fixed: Magic Line icon in Right-To-Left environments.
  • #11970: [IE] Fixed: CKEditor paste event is not fired when pasting with Shift+Ins.
  • #12111: Fixed: Linked image attributes are not read when opening the image dialog window by doubleclicking.
  • #10030: [IE] Fixed: Prevented "Unspecified Error" thrown in various cases when IE8-9 does not allow access to document.activeElement.
  • #12273: Fixed: Applying block style in a description list breaks it.
  • #12218: Fixed: Minor syntax issue in CSS files.
  • #12178: [Blink/WebKit] Fixed: Iterator does not return the block if the selection is located at the end of it.
  • #12185: [IE9QM] Fixed: Error thrown when moving the mouse over focused editor's scrollbar.
  • #12215: Fixed: Basepath resolution does not recognize semicolon as a query separator.
  • #12135: Fixed: Remove Format does not work on widgets.
  • #12298: [IE11] Fixed: Clicking below <body> in Compatibility Mode will no longer reset selection to the first line.
  • #12204: Fixed: Editor's voice label is not affected by config.title.
  • #11915: Fixed: With SCAYT enabled, cursor moves to the beginning of the first highlighted, misspelled word after typing or pasting into the editor.
  • SCAYT: Fixed: Error thrown in the console after enabling SCAYT and trying to add a new image.

Other Changes:

  • #12296: Merged benderjs-ckeditor into the main CKEditor repository.

CKEditor 4.4.3

Security Updates:

  • Fixed XSS vulnerability in the Preview plugin reported by Mario Heiderich of Cure53.

An upgrade is highly recommended!

New Features:

  • #12164: Added the "Justify" option to the "Horizontal Alignment" drop-down in the Table Cell Properties dialog window.

Fixed Issues:

  • #12110: Fixed: Editor crash after deleting a table. Thanks to Alin Purcaru!
  • #11897: Fixed: Enter key used in an empty list item creates a new line instead of breaking the list. Thanks to noam-si!
  • #12140: Fixed: Double-clicking linked widgets opens two dialog windows.
  • #12132: Fixed: Image is inserted with width and height styles even when they are not allowed.
  • #9317: [IE] Fixed: config.disableObjectResizing does not work on IE. Note: We were not able to fix this issue on IE11+ because necessary events stopped working. See a last resort workaround and make sure to support our complaint to Microsoft.
  • #9638: Fixed: There should be no information about accessibility help available under the Alt+0 keyboard shortcut if the Accessibility Help plugin is not available.
  • #8117 and #9186: Fixed: In HTML5 <meta> tags should be allowed everywhere, including inside the <body> element.
  • #10422: Fixed: config.fillEmptyBlocks not working properly if a function is specified.

CKEditor 4.4.2

Important Notes:

  • The CKEditor testing environment is now publicly available. Read more about how to set up the environment and execute tests in the CKEditor Testing Environment guide. Please note that the tests/ directory which contains editor tests is not available in release packages. It can only be found in the development version of CKEditor on GitHub.

New Features:

Fixed Issues:

  • #11757: Fixed: Imperfections in the Moono skin. Thanks to danyaPostfactum!
  • #10091: Blockquote should be treated like an object by the styles system. Thanks to dan-james-deeson!
  • #11478: Fixed: Issue with passing jQuery objects to adapter configuration.
  • #10867: Fixed: Issue with setting encoded URI as image link.
  • #11983: Fixed: Clicking a nested widget does not focus it. Additionally, performance of the widget.repository.getByElement() method was improved.
  • #12000: Fixed: Nested widgets should be initialized on editor.setData() and nestedEditable.setData().
  • #12022: Fixed: Outer widget's drag handler is not created at all if it has any nested widgets inside.
  • #11960: [Blink/WebKit] Fixed: The caret should be scrolled into view on Backspace and Delete (covers only the merging blocks case).
  • #11306: [OSX][Blink/WebKit] Fixed: No widget entries in the context menu on widget right-click.
  • #11957: Fixed: Alignment labels in the Enhanced Image dialog window are not translated.
  • #11980: [Blink/WebKit] Fixed: <span> elements created when joining adjacent elements (non-collapsed selection).
  • #12009: [Nested widgets] Integration with the Magic Line plugin.
  • #11387: Fixed: role="radiogroup" should be applied only to radio inputs' container.
  • #7975: [IE8] Fixed: Errors when trying to select an empty table cell.
  • #11947: [Firefox+IE11] Fixed: Shift+Enter in lists produces two line breaks.
  • #11972: Fixed: Feature detection in the element.setText() method should not trigger the layout engine.
  • #7634: Fixed: The Flash Dialog plugin omits the allowFullScreen parameter in the editor data if set to true.
  • #11910: Fixed: Enhanced Image does not take config.baseHref into account when updating image dimensions.
  • #11753: Fixed: Wrong checkDirty() method value after focusing or blurring a widget.
  • #11830: Fixed: Impossible to pass some arguments to CKBuilder when using the /dev/builder/build.sh script.
  • #11945: Fixed: Form Elements plugin should not change a core method.
  • #11384: [IE9+] Fixed: IndexSizeError thrown when pasting into a non-empty selection anchored in one text node.

CKEditor 4.4.1

New Features:

  • #9661: Added the option to configure anchor tags with JavaScript code in the href attribute.

Fixed Issues:

  • #11861: [WebKit/Blink] Fixed: Span elements created while joining adjacent elements. Note: This patch only covers cases when Backspace or Delete is pressed on a collapsed (empty) selection. The remaining case, with a non-empty selection, will be fixed in the next release.
  • #10714: [iOS] Fixed: Selection and drop-downs are broken if a touch event listener is used due to a WebKit bug. Thanks to Arty Gus!
  • #11911: Fixed setting the dir attribute for a preloaded language in CKEDITOR.lang. Thanks to Akash Mohapatra!
  • #11926: Fixed: Code Snippet does not decode HTML entities when loading code from the <code> element.
  • #11223: Fixed: Issue when Protected Source was not working in the <title> element.
  • #11859: Fixed: Removed the Source Dialog plugin dependency from the Code Snippet sample.
  • #11754: [Chrome] Fixed: Infinite loop when content includes not closed attributes.
  • #11848: [IE] Fixed: editor.insertElement() throwing an exception when there was no selection in the editor.
  • #11801: Fixed: Editor anchors unavailable when linking the Enhanced Image widget.
  • #11626: Fixed: Table Resize sets invalid column width.
  • #11872: Made element.addClass() chainable symmetrically to element.removeClass().
  • #11813: Fixed: Link lost while pasting a captioned image and restoring an undo snapshot (Enhanced Image).
  • #11814: Fixed: Link and Unlink entries persistently displayed in the Enhanced Image context menu.
  • #11839: [IE9] Fixed: The caret jumps out of the editable area when resizing the editor in the source mode.
  • #11822: [WebKit] Fixed: Editing anchors by double-click is broken in some cases.
  • #11823: [IE8] Fixed: Table Resize throws an error over scrollbar.
  • #11788: Fixed: It is not possible to change the language back to Not set in the Code Snippet dialog window.
  • #11788: Fixed: Filter rules are not applied inside elements with the contenteditable attribute set to true.
  • #11798: Fixed: Inserting a non-editable element inside a table cell breaks the table.
  • #11793: Fixed: Drop-down is not "on" when clicking it while the editor is blurred.
  • #11850: Fixed: Fake objects with the contenteditable attribute set to false are not downcasted properly.
  • #11811: Fixed: Widget's data is not encoded correctly when passed to an attribute.
  • #11777: Fixed encoding ampersand in the Mathematical Formulas plugin.
  • #11880: [IE8-9] Fixed: Linked image has a default thick border.

Other Changes:

  • #11807: Updated jQuery version used in the sample to 1.11.0 and tested CKEditor jQuery Adapter with version 1.11.0 and 2.1.0.
  • #9504: Stopped using deprecated attribute.specified in all browsers except Internet Explorer.
  • #11809: Changed tab size in <pre> to 4 spaces.

CKEditor 4.4

Important Notes:

  • Marked the editor.beforePaste event as deprecated.
  • The default class of captioned images has changed to image (was: caption). Please note that once edited in CKEditor 4.4+, all existing images of the caption class (<figure class="caption">) will be filtered out unless the config.image2_captionedClass option is set to caption. For backward compatibility (i.e. when upgrading), it is highly recommended to use this setting, which also helps prevent CSS conflicts, etc. This does not apply to new CKEditor integrations.
  • Widgets without defined buttons are no longer registered automatically to the Advanced Content Filter. Before CKEditor 4.4 widgets were registered to the ACF which was an incorrect behavior (#11567). This change should not have any impact on standard scenarios, but if your button does not execute the widget command, you need to set allowedContent and requiredContent properties for it manually, because the editor will not be able to find them.
  • The Show Borders plugin was added to the Standard installation package in order to ensure that unstyled tables are still visible for the user (#11665).
  • Since CKEditor 4.4 the editor instance should be passed to CKEDITOR.style methods to ensure full compatibility with other features (e.g. applying styles to widgets requires that). We ensured backward compatibility though, so the CKEDITOR.style will work even when the editor instance is not provided.

New Features:

Other Changes:

  • #11377: Unified internal representation of empty anchors using the fake objects.
  • #11422: Removed Firefox 3.x, Internet Explorer 6 and Opera 12.x leftovers in code.
  • #5217: Setting data (including switching between modes) creates a new undo snapshot. Besides that:
  • The WebSpellChecker plugin was updated to the latest version.

Fixed Issues:

  • #10190: Fixed: Removing block style with editor.removeStyle() should result in a paragraph and not a div.
  • #11727: Fixed: The editor tries to select a non-editable image which was clicked.

CKEditor 4.3.5

New Features:

  • Added new translation: Tatar.

Fixed Issues:

CKEditor 4.3.4

Fixed Issues:

  • #11597: [IE11] Fixed: Error thrown when trying to open the preview using the keyboard.
  • #11544: Placeholders will no longer be upcasted in parents not accepting <span> elements.
  • #8663: Fixed element.renameNode() not clearing the element.getName() cache.
  • #11574: Fixed: Backspace destroying the DOM structure if an inline editable is placed in a list item.
  • #11603: Fixed: Table Resize attaches to tables outside the editable.
  • #9205, #7805, #8216: Fixed: {cke_protected_1} appearing in data in various cases where HTML comments are placed next to " or '.
  • #11635: Fixed: Some attributes are not protected before the content is passed through the fix bin.
  • #11660: [IE] Fixed: Table content is lost when some extra markup is inside the table.
  • #11641: Fixed: Switching between modes in the classic editor removes content styles for the inline editor.
  • #11568: Fixed: Styles drop-down list is not enabled on selection change.

CKEditor 4.3.3

Fixed Issues:

CKEditor 4.3.2

Fixed Issues:

  • #11331: A menu button will have a changed label when selected instead of using the aria-pressed attribute.
  • #11177: Widget drag handler improvements:
    • #11176: Fixed: Initial position is not updated when the widget data object is empty.
    • #11001: Fixed: Multiple synchronous layout recalculations are caused by initial drag handler positioning causing performance issues.
    • #11161: Fixed: Drag handler is not repositioned in various situations.
    • #11281: Fixed: Drag handler and mask are duplicated after widget reinitialization.
  • #11207: [Firefox] Fixed: Misplaced Enhanced Image resizer in the inline editor.
  • #11102: CKEDITOR.template improvements:
    • #11102: Added newline character support.
    • #11216: Added "\'" substring support.
  • #11121: [Firefox] Fixed: High Contrast mode is enabled when the editor is loaded in a hidden iframe.
  • #11350: The default value of config.contentsCss is affected by CKEDITOR.getUrl().
  • #11097: Improved the Autogrow plugin performance when dealing with very big tables.
  • #11290: Removed redundant code in the Source Dialog plugin.
  • #11133: Page Break becomes editable if pasted.
  • #11126: Fixed: Native Undo executed once the bottom of the snapshot stack is reached.
  • #11131: Div Editing Area: Fixed: Error thrown when switching to source mode if the selection was in widget's nested editable.
  • #11139: Div Editing Area: Fixed: Elements Path is not cleared after switching to source mode.
  • #10778: Fixed a bug with range enlargement. The range no longer expands to visible whitespace.
  • #11146: [IE] Fixed: Preview window switches Internet Explorer to Quirks Mode.
  • #10762: [IE] Fixed: JavaScript code displayed in preview window's URL bar.
  • #11186: Introduced the widgets.repository.addUpcastCallback() method that allows to block upcasting given element to a widget.
  • #11307: Fixed: Paste as Plain Text conflict with the MooTools library.
  • #11140: [IE11] Fixed: Anchors are not draggable.
  • #11379: Changed default contents line-height to unitless values to avoid huge text overlapping (like in #9696).
  • #10787: [Firefox] Fixed: Broken replacement of text while pasting into div-based editor.
  • #10884: Widgets integration with the Show Blocks plugin.
  • #11021: Fixed: An error thrown when selecting entire editable contents while fake selection is on.
  • #11086: [IE8] Re-enable inline widgets drag&drop in Internet Explorer 8.
  • #11372: Widgets: Special characters encoded twice in nested editables.
  • #10068: Fixed: Support for protocol-relative URLs.
  • #11283: Enhanced Image: A <div> element with text-align: center and an image inside is not recognised correctly.
  • #11196: Accessibility Instructions: Allowed additional keyboard button labels to be translated in the dialog window.

CKEditor 4.3.1

Important Notes:

  • To match the naming convention, the language button is now Language (#11201).
  • Enhanced Image button, context menu, command, and icon names match those of the Image plugin (#11222).

Fixed Issues:

  • #11244: Changed: The widget.repository.checkWidgets() method now fires the widget.repository.checkWidgets event, so from CKEditor 4.3.1 it is preferred to use the method rather than fire the event.
  • #11171: Fixed: editor.insertElement() and editor.insertText() methods do not call the widget.repository.checkWidgets() method.
  • #11085: [IE8] Replaced preview generated by the Mathematical Formulas widget with a placeholder.
  • #11044: Enhanced WAI-ARIA support for the Language plugin drop-down menu.
  • #11075: With drop-down menu button focused, pressing the Down Arrow key will now open the menu and focus its first option.
  • #11165: Fixed: The File Browser plugin cannot be removed from the editor.
  • #11159: [IE9-10] Enhanced Image: Fixed buggy discovery of image dimensions.
  • #11101: Drop-down lists no longer break when given double quotes.
  • #11077: Enhanced Image: Empty undo step recorded when resizing the image.
  • #10853: Enhanced Image: Widget has paragraph wrapper when de-captioning unaligned image.
  • #11198: Widgets: Drag handler is not fully visible when an inline widget is in a heading.
  • #11132: [Firefox] Fixed: Caret is lost after drag and drop of an inline widget.
  • #11182: [IE10-11] Fixed: Editor crashes (IE11) or works with minor issues (IE10) if a page is loaded in Quirks Mode. See env.quirks for more details.
  • #11204: Added figure and figcaption styles to the contents.css file so Enhanced Image looks nicer.
  • #11202: Fixed: No newline in BBCode mode.
  • #10890: Fixed: Error thrown when pressing the Delete key in a list item.
  • #10055: [IE8-10] Fixed: Delete pressed on a selected image causes the browser to go back.
  • #11183: Fixed: Inserting a horizontal rule or a table in multiple row selection causes a browser crash. Additionally, the editor.insertElement() method does not insert the element into every range of a selection any more.
  • #11042: Fixed: Selection made on an element containing a non-editable element was not auto faked.
  • #11125: Fixed: Keyboard navigation through menu and drop-down items will now cycle.
  • #11011: Fixed: The editor.applyStyle() method removes attributes from nested elements.
  • #11179: Fixed: editor.destroy() does not cleanup content generated by the Table Resize plugin for inline editors.
  • #11237: Fixed: Table border attribute value is deleted when pasting content from Microsoft Word.
  • #11250: Fixed: HTML entities inside the <textarea> element are not encoded.
  • #11260: Fixed: Initially disabled buttons are not read by JAWS as disabled.
  • #11200: Added Clipboard plugin as a dependency for Widget to fix drag and drop.

CKEditor 4.3

New Features:

  • #10612: Internet Explorer 11 support.
  • #10869: Widgets: Added better integration with the Elements Path plugin.
  • #10886: Widgets: Added tooltip to the drag handle.
  • #10933: Widgets: Introduced drag and drop of block widgets with the Line Utilities plugin.
  • #10936: Widget System changes for easier integration with other dialog systems.
  • #10895: Enhanced Image: Added file browser integration.
  • #11002: Added the draggable option to disable drag and drop support for widgets.
  • #10937: Mathematical Formulas widget improvements:
    • loading indicator (#10948),
    • applying paragraph changes (like font color change) to iframe (#10841),
    • Firefox and IE9 clipboard fixes (#10857),
    • fixing same origin policy issue (#10840),
    • fixing undo bugs (#10842, #10930),
    • fixing other minor bugs.
  • #10862: Placeholder plugin was rewritten as a widget.
  • #10822: Added styles system integration with non-editable elements (for example widgets) and their nested editables. Styles cannot change non-editable content and are applied in nested editable only if allowed by its type and content filter.
  • #10856: Menu buttons will now toggle the visibility of their panels when clicked multiple times. Language plugin fixes: Added active language highlighting, added an option to remove the language.
  • #10028: New config.dialog_noConfirmCancel configuration option that eliminates the need to confirm closing of a dialog window when the user changed any of its fields.
  • #10848: Integrate remaining plugins (Styles, Format, Font, Color Button, Language and Indent) with active filter.
  • #10855: Change the extension of emoticons in the BBCode sample from GIF to PNG.

Fixed Issues:

  • #10831: Enhanced Image: Merged image2inline and image2block into one image2 widget.
  • #10835: Enhanced Image: Improved visibility of the resize handle.
  • #10836: Enhanced Image: Preserve custom mouse cursor while resizing the image.
  • #10939: [Firefox] Enhanced Image: hovering the image causes it to change.
  • #10866: Fixed: Broken Tab key navigation in the Enhanced Image dialog window.
  • #10833: Fixed: Lock ratio option should be on by default in the Enhanced Image dialog window.
  • #10881: Various improvements to Enter key behavior in nested editables.
  • #10879: Remove Format should not leak from a nested editable.
  • #10877: Fixed: WebSpellChecker fails to apply changes if a nested editable was focused.
  • #10877: Fixed: SCAYT blocks typing in nested editables.
  • #11079: Add button icons to the Placeholder sample.
  • #10870: The paste command is no longer being disabled when the clipboard is empty.
  • #10854: Fixed: Firefox prepends <br> to <body>, so it is stripped by the HTML data processor.
  • #10823: Fixed: Link plugin does not work with non-editable content.
  • #10828: Magic Line integration with the Widget System.
  • #10865: Improved hiding copybin, so copying widgets works smoothly.
  • #11066: Widget's private parts use CSS reset.
  • #11027: Fixed: Block commands break on widgets; added the contentDomInvalidated event.
  • #10430: Resolve dependence of the Image plugin on the Form Elements plugin.
  • #10911: Fixed: Browser Alt hotkeys will no longer be blocked while a widget is focused.
  • #11082: Fixed: Selected widget is not copied or cut when using toolbar buttons or context menu.
  • #11083: Fixed list and div element application to block widgets.
  • #10887: Internet Explorer 8 compatibility issues related to the Widget System.
  • #11074: Temporarily disabled inline widget drag and drop, because of seriously buggy native range#moveToPoint method.
  • #11098: Fixed: Wrong selection position after undoing widget drag and drop.
  • #11110: Fixed: IFrame and Flash objects are being incorrectly pasted in certain conditions.
  • #11129: Page break is lost when loading data.
  • #11123: [Firefox] Widget is destroyed after being dragged outside of <body>.
  • #11124: Fixed the Elements Path in an editor using the Div Editing Area.

CKEditor 4.3 Beta

New Features:

CKEditor 4.2.3

Fixed Issues:

  • #10994: Fixed: Loading external jQuery library when opening the jQuery Adapter sample directly from file.
  • #10975: [IE] Fixed: Error thrown while opening the color palette.
  • #9929: [Blink/WebKit] Fixed: A non-breaking space is created once a character is deleted and a regular space is typed.
  • #10963: Fixed: JAWS issue with the keyboard shortcut for Magic Line.
  • #11096: Fixed: TypeError: Object has no method 'is'.

CKEditor 4.2.2

Fixed Issues:

  • #9314: Fixed: Incorrect error message on closing a dialog window without saving changs.
  • #10308: [IE10] Fixed: Unspecified error when deleting a row.
  • #10945: [Chrome] Fixed: Clicking with a mouse inside the editor does not show the caret.
  • #10912: Prevent default action when content of a non-editable link is clicked.
  • #10913: Fixed CKEDITOR.plugins.addExternal() not handling paths including file name specified.
  • #10666: Fixed CKEDITOR.tools.isArray() not working cross frame.
  • #10910: [IE9] Fixed JavaScript error thrown in Compatibility Mode when clicking and/or typing in the editing area.
  • #10868: [IE8] Prevent the browser from crashing when applying the Inline Quotation style.
  • #10915: Fixed: Invalid CSS filter in the Kama skin.
  • #10914: Plugins Indent List and Indent Block are now included in the build configuration.
  • #10812: Fixed range.createBookmark2() incorrectly normalizing offsets. This bug was causing many issues: #10850, #10842.
  • #10951: Reviewed and optimized focus handling on panels (combo, menu buttons, color buttons, and context menu) to enhance accessibility. Fixed #10705, #10706 and #10707.
  • #10704: Fixed a JAWS issue with the Select Color dialog window title not being announced.
  • #10753: The floating toolbar in inline instances now has a dedicated accessibility label.

CKEditor 4.2.1

Fixed Issues:

  • #10301: [IE9-10] Undo fails after 3+ consecutive paste actions with a JavaScript error.
  • #10689: Save toolbar button saves only the first editor instance.
  • #10368: Move language reading direction definition (dir) from main language file to core.
  • #9330: Fixed pasting anchors from MS Word.
  • #8103: Fixed pasting nested lists from MS Word.
  • #9958: [IE9] Pressing the "OK" button will trigger the onbeforeunload event in the popup dialog.
  • #10662: Fixed styles from the Styles drop-down list not registering to the ACF in case when the Shared Spaces plugin is used.
  • #9654: Problems with Internet Explorer 10 Quirks Mode.
  • #9816: Floating toolbar does not reposition vertically in several cases.
  • #10646: Removing a selected sublist or nested table with Backspace/Delete removes the parent element.
  • #10623: [WebKit] Page is scrolled when opening a drop-down list.
  • #10004: [ChromeVox] Button names are not announced.
  • #10731: WebSpellChecker plugin breaks cloning of editor configuration.
  • It is now possible to set per instance WebSpellChecker plugin configuration instead of setting the configuration globally.

CKEditor 4.2

Important Notes:

  • Dropped compatibility support for Internet Explorer 7 and Firefox 3.6.

  • Both the Basic and the Standard distribution packages will not contain the new Indent Block plugin. Because of this the Advanced Content Filter might remove block indentations from existing contents. If you want to prevent this, either add an appropriate ACF rule to your filter or create a custom build based on the Basic/Standard package and add the Indent Block plugin in CKBuilder.

New Features:

Fixed Issues:

  • #10599: Indent plugin is no longer required by the List plugin.
  • #10370: Inconsistency in data events between framed and inline editors.
  • #10438: [FF, IE] No selection is done on an editable element on executing editor.setData().

CKEditor 4.1.3

New Features:

  • Added new translation: Indonesian.

Fixed Issues:

CKEditor 4.1.2

New Features:

  • Added new translation: Sinhala.

Fixed Issues:

  • #10339: Fixed: Error thrown when inserted data was totally stripped out after filtering and processing.
  • #10298: Fixed: Data processor breaks attributes containing protected parts.
  • #10367: Fixed: editable.insertText() loses characters when RegExp replace controls are being inserted.
  • #10165: [IE] Access denied error when document.domain has been altered.
  • #9761: Update the Backspace key state in keystrokeHandler.blockedKeystrokes when calling editor.setReadOnly().
  • #6504: Fixed: Race condition while loading several config.customConfig files.
  • #10146: [Firefox] Empty lines are being removed while config.enterMode is CKEDITOR.ENTER_BR.
  • #10360: Fixed: ARIA role="application" should not be used for dialog windows.
  • #10361: Fixed: ARIA role="application" should not be used for floating panels.
  • #10510: Introduced unique voice labels to differentiate between different editor instances.
  • #9945: [iOS] Scrolling not possible on iPad.
  • #10389: Fixed: Invalid HTML in the "Text and Table" template.
  • WebSpellChecker plugin user interface was changed to match CKEditor 4 style.

CKEditor 4.1.1

New Features:

  • Added new translation: Albanian.

Fixed Issues:

  • #10172: Pressing Delete or Backspace in an empty table cell moves the cursor to the next/previous cell.
  • #10219: Error thrown when destroying an editor instance in parallel with a mouseup event.
  • #10265: Wrong loop type in the File Browser plugin.
  • #10249: Wrong undo/redo states at start.
  • #10268: Show Blocks does not recover after switching to Source view.
  • #9995: HTML code in the <textarea> should not be modified by the htmlDataProcessor.
  • #10320: Justify plugin should add elements to Advanced Content Filter based on current Enter mode.
  • #10260: Fixed: Advanced Content Filter blocks tabSpaces. Unified data-cke-* attributes filtering.
  • #10315: [WebKit] Undo manager should not record snapshots after a filling character was added/removed.
  • #10291: [WebKit] Space after a filling character should be secured.
  • #10330: [WebKit] The filling character is not removed on keydown in specific cases.
  • #10285: Fixed: Styled text pasted from MS Word causes an infinite loop.
  • #10131: Fixed: undoManager.update() does not refresh the command state.
  • #10337: Fixed: Unable to remove <s> using Remove Format.

CKEditor 4.1

Fixed Issues:

  • #10192: Closing lists with the Enter key does not work with Advanced Content Filter in several cases.
  • #10191: Fixed allowed content rules unification, so the filter.allowedContent property always contains rules in the same format.
  • #10224: Advanced Content Filter does not remove non-empty <a> elements anymore.
  • Minor issues in plugin integration with Advanced Content Filter:
    • #10166: Added transformation from the align attribute to float style to preserve backward compatibility after the introduction of Advanced Content Filter.
    • #10195: Image plugin no longer registers rules for links to Advanced Content Filter.
    • #10213: Justify plugin is now correctly registering rules to Advanced Content Filter when config.justifyClasses is defined.

CKEditor 4.1 RC

New Features:

  • #9829: Advanced Content Filter - data and features activation based on editor configuration.

    Brand new data filtering system that works in 2 modes:

    • Based on loaded features (toolbar items, plugins) - the data will be filtered according to what the editor in its current configuration can handle.
    • Based on config.allowedContent rules - the data will be filtered and the editor features (toolbar items, commands, keystrokes) will be enabled if they are allowed.

    See the datafiltering.html sample, guides and CKEDITOR.filter API documentation.

  • #9387: Reintroduced Shared Spaces - the ability to display toolbar and bottom editor space in selected locations and to share them by different editor instances.

  • #9907: Added the contentPreview event for preview data manipulation.

  • #9713: Introduced the Source Dialog plugin that brings raw HTML editing for inline editor instances.

  • Included in #9829: Introduced new events, toHtml and toDataFormat, allowing for better integration with data processing.

  • #9981: Added ability to filter htmlParser.fragment, htmlParser.element etc. by many htmlParser.filters before writing structure to an HTML string.

  • Included in #10103:

  • #9796: Introduced <s> as a default tag for strikethrough, which replaces obsolete <strike> in HTML5.

CKEditor 4.0.3

Fixed Issues:

  • #10196: Fixed context menus not opening with keyboard shortcuts when Autogrow is enabled.
  • #10212: [IE7-10] Undo command throws errors after multiple switches between Source and WYSIWYG view.
  • #10219: [Inline editor] Error thrown after calling editor.destroy().

CKEditor 4.0.2

Fixed Issues:

  • #9779: Fixed overriding CKEDITOR.getUrl() with CKEDITOR_GETURL.
  • #9772: Custom buttons in the dialog window footer have different look and size (Moono, Kama skins).
  • #9029: Custom styles added with the stylesSet.add() are displayed in the wrong order.
  • #9887: Disable Magic Line when editor.readOnly is set.
  • #9882: Fixed empty document title on editor.getData() if set via the Document Properties dialog window.
  • #9773: Fixed rendering problems with selection fields in the Kama skin.
  • #9851: The selectionChange event is not fired when mouse selection ended outside editable.
  • #9903: [Inline editor] Bad positioning of floating space with page horizontal scroll.
  • #9872: editor.checkDirty() returns true when called onload. Removed the obsolete editor.mayBeDirty flag.
  • #9893: [IE] Fixed broken toolbar when editing mixed direction content in Quirks mode.
  • #9845: Fixed TAB navigation in the Link dialog window when the Anchor option is used and no anchors are available.
  • #9883: Maximizing was making the entire page editable with divarea-based editors.
  • #9940: [Firefox] Navigating back to a page with the editor was making the entire page editable.
  • #9966: Fixed: Unable to type square brackets with French keyboard layout. Changed Magic Line keystrokes.
  • #9507: [Firefox] Selection is moved before editable position when the editor is focused for the first time.
  • #9947: [WebKit] Editor overflows parent container in some edge cases.
  • #10105: Fixed: Broken sourcearea view when an RTL language is set.
  • #10123: [WebKit] Fixed: Several dialog windows have broken layout since the latest WebKit release.
  • #10152: Fixed: Invalid ARIA property used on menu items.

CKEditor 4.0.1.1

Fixed Issues:

  • Security update: Added protection against XSS attack and possible path disclosure in the PHP sample.

CKEditor 4.0.1

Fixed Issues:

  • #9655: Support for IE Quirks Mode in the new Moono skin.
  • Accessibility issues (mainly in inline editor): #9364, #9368, #9369, #9370, #9541, #9543, #9841, #9844.
  • Magic Line plugin:
    • #9481: Added accessibility support for Magic Line.
    • #9509: Added Magic Line support for forms.
    • #9573: Magic Line does not disappear on mouseout in a specific case.
  • #9754: [WebKit] Cutting & pasting simple unformatted text generates an inline wrapper in WebKit browsers.
  • #9456: [Chrome] Properly paste bullet list style from MS Word.
  • #9699, #9758: Improved selection locking when selecting by dragging.
  • Context menu:
    • #9712: Opening the context menu destroys editor focus.
    • #9366: Context menu should be displayed over the floating toolbar.
    • #9706: Context menu generates a JavaScript error in inline mode when the editor is attached to a header element.
  • #9800: Hide float panel when resizing the window.
  • #9721: Padding in content of div-based editor puts the editing area under the bottom UI space.
  • #9528: Host page box-sizing style should not influence the editor UI elements.
  • #9503: Form Elements plugin adds context menu listeners only on supported input types. Added support for tel, email, search and url input types.
  • #9769: Improved floating toolbar positioning in a narrow window.
  • #9875: Table dialog window does not populate width correctly.
  • #8675: Deleting cells in a nested table removes the outer table cell.
  • #9815: Cannot edit dialog window fields in an editor initialized in the jQuery UI modal dialog.
  • #8888: CKEditor dialog windows do not show completely in a small window.
  • #9360: [Inline editor] Blocks shown for a <div> element stay permanently even after the user exits editing the <div>.
  • #9531: [Firefox & Inline editor] Toolbar is lost when closing the Format drop-down list by clicking its button.
  • #9553: Table width incorrectly set when the border-width style is specified.
  • #9594: Cannot tab past CKEditor when it is in read-only mode.
  • #9658: [IE9] Justify not working on selected images.
  • #9686: Added missing contents styles for <pre> elements.
  • #9709: Paste from Word should not depend on configuration from other styles.
  • #9726: Removed Color Dialog plugin dependency from Table Tools.
  • #9765: Toolbar Collapse command documented incorrectly in the Accessibility Instructions dialog window.
  • #9771: [WebKit & Opera] Fixed scrolling issues when pasting.
  • #9787: [IE9] onChange is not fired for checkboxes in dialogs.
  • #9842: [Firefox 17] When opening a toolbar menu for the first time and pressing the Down Arrow key, focus goes to the next toolbar button instead of the menu options.
  • #9847: Elements Path should not be initialized in the inline editor.
  • #9853: editor.addRemoveFormatFilter() is exposed before it really works.
  • #8893: Value of the pasteFromWordCleanupFile configuration option is now taken from the instance configuration.
  • #9693: Removed "Live Preview" checkbox from UI color picker.

CKEditor 4.0

The first stable release of the new CKEditor 4 code line.

The CKEditor JavaScript API has been kept compatible with CKEditor 4, whenever possible. The list of relevant changes can be found in the API Changes page of the CKEditor 4 documentation.