<figure>tag with an
imageclass is upcasted.
getValue()function is defined in the global scope.
Fixed XSS vulnerability in the HTML parser reported by maxarr.
Issue summary: It was possible to execute XSS inside CKEditor after persuading the victim to: (i) switch CKEditor to source mode, then (ii) paste a specially crafted HTML code, prepared by the attacker, into the opened CKEditor source area, and (iii) switch back to WYSIWYG mode.
An upgrade is highly recommended!
aria-haspopupproperty values. The Menu Button
aria-haspopupvalue is now
menu, the Panel Button and Rich Combo
aria-haspopupvalue is now
contextmenu_contentsCssconfiguration option to allow adding custom CSS to the Context Menu.
requiredattribute is not correctly recognized by the Form Elements plugin dialog. Thanks to Roli Züger!
Permission deniedis thrown when opening a Panel instance.
config.forceSimpleAmpersandoption does not work. Thanks to Alex Maris!
Escape HTML Entities] plugin with custom additional entities configuration breaks HTML escaping.
(Selected)text at the end of the label when clicked.
onAbortmethod of the Upload Widget is not called when the loader is aborted.
CKEDITOR.filter.instancesis causing memory leaks.
CKEDITOR.ui.panel.block.getItemsmethod now also returns
inputelements in addition to links.
CKEDITOR.tools.convertToPxfunction now converts negative values.
insertmethod now passes
commandData. Thanks to marcparmet!
tools.throttlefunctions logic into a separate namespace.
CKEDITOR.filterconstructor accepts an additional
rulesparameter allowing to bind the editor and filter together.
editor.getCommandKeystrokemethod accepts an additional
allparameter allowing to retrieve an array of all command keystrokes.
hasArrowdefinition option can by identified by the
editor.destroy()during the file upload throws an error. Thanks to Maksim Makarevich!
idattribute. Thanks to Nathan Samson!
<font>tag is not preserved when proper configuration is provided and a style is applied by the Font plugin.
paramare removed from the editor content.
CKEDITOR.dialog.definition.onHideAPI documentation. Thanks to sunnyone!
\u3000) is lost when pasting text.
config.forcePasteAsPlainTextoption is not respected in internal and cross-editor pasting.
replacedialog from the Find / Replace plugin with a
tabIdoption in the
CKEDITOR.editor.addCommand()method can now accept a
CKEDITOR.commandinstance as a parameter.
pluginsconfiguration options allow whitespace.
pluginsconfiguration options allow passing plugin names as an array.
getClientRect()function allowing to retrieve an absolute bounding rectangle of the element, i.e. a position relative to the upper-left corner of the topmost viewport.
CKEDITOR.dom.range. It returns a list of rectangles for each selected element.
gv_GB) and Interlingua (
altattribute for the logo image in the About tab of SCAYT.
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2019-ae7f274d24
Please login to add feedback.