Fixed Issues:
font-style
family property correctly, removing quotes and whitespace from font names.config.autoGrow_onStartup
option set to true
does not work properly for an editor that is not visible.onerror
and onload
events are not used in browsers it could have been used when loading scripts dynamically.Fixed Issues:
min-height
style for the <body>
element and the height
style for the <html>
element breaks the Auto Grow plugin.<iframe>
element.dom.element.removeAttribute()
method does not remove all attributes if no parameter is given.CKEDITOR.style
instance with the styles
property by CKEDITOR.filter
.New Features:
config.colorButton_enableAutomatic
option to allow hiding the "Automatic" option in the color picker.Fixed Issues:
New Features:
Fixed Issues:
IndexSizeError
when using the Div Editing Area and Content Templates plugins.editor.getData()
fails when the cursor is next to an <hr>
tag.editor.getData()
throw an error when an image is the only data in the editor.New Features:
CKEDITOR.tools.getCookie()
and CKEDITOR.tools.setCookie()
methods for accessing cookies.CKEDITOR.tools.getCsrfToken()
method. The CSRF token is now automatically sent by the File Browser and File Tools plugins during file uploads. The server-side upload handlers may check it and use it to additionally secure the communication.Other Changes:
Fixed Issues:
target
attribute value. Thanks to SamZiemer!undefined
string is appended to an email address added with the Link plugin if subject and email body are empty and config.emailProtection
is set to encode
.<iframe>
after the editor was detached from DOM. Thanks to Stefan Rijnhart!classList
polyfill is used.editor.drop
event.background-image
path needs single quotes around the URL value.contents.css
style is not used if the IFrame Editing Area plugin is missing.isContentEditable
property of an <input>
DOM element.Other Changes:
bender.tools.createTestsForEditors
will also receive editor bot as a second parameter.New Features:
Fixed Issues:
onChange
does not work. Thanks to Iliya Kostadinov!<div>
element.<body>
element is not handled correctly.<h1-6>
element to be a child of the <summary>
element.name
attribute.Other Changes:
CKEDITOR.env.mobile
as deprecated. The reason is that it is no longer clear what "mobile" means.New Features:
config.fileTools_defaultFileName
option to allow setting a default file name for paste uploads.Fixed Issues:
editor.getSelectedHtml()
method returns invalid results for entire content selection.Other Changes:
Fixed Issues:
<textarea>
element storing editor configuration in the toolbar configurator.CKEDITOR.plugins.clipboard.isHtmlInExternalDataTransfer
property as the check must be dynamic.DataTransfer.getData()
should work consistently in all browsers and should not strip valuable content. Fixed pasting tables from Microsoft Excel on Chrome.dataTransfer
does not work if text
data was set in the meantime.editor.getSnapshot()
may return a non-string value.Other Changes:
Fixed Issues:
New Features:
config.sharedSpaces
. Thanks to Undergrounder!dialog#setState()
method and used it in the Embed dialog to indicate that a resource is being loaded.repository.onWidget()
method — a convenient way to listen to widget events through the repository.Fixed Issues:
editor.getSelectedHtml()
method throws an error when called in the source mode.internalCommit
argument in the Image dialog seems to be never used.CKEDITOR.tools.htmlEncode()
and CKEDITOR.tools.htmlDecode()
methods.range.cloneContents()
and range.extractContents()
methods which now clone IDs similarly to their native counterparts.cloneId
arguments to the above methods, range.splitBlock()
and element.breakParent()
. Mind the default values and special behavior in the extractContents()
method!config.removeButtons
is ignored by the advanced toolbar configurator.Other Changes:
CKEDITOR.env.isCompatible
a blacklist rather than a whitelist. More about the change in the Browser Compatibility guide.CKEDITOR.fileTools.UploadsRepository
to CKEDITOR.fileTools.UploadRepository
and changed all related properties.lang.image.alertUrl
token from the Image plugin.New Features:
Clipboard (copy&paste, drag&drop) and file uploading features and improvements (#11437).
editor#paste
event and a set of new editor events was introduced — dragstart
, drop
, dragend
.editor#paste
event.editor#paste
event can have the range
parameter so it is possible to change the paste position in the listener or paste in the not selectable position. Also the editor.insertHtml()
method now accepts range
as an additional parameter.#11621: A configurable paste filter was introduced. The filter is by default turned to 'semantic-content'
on Webkit and Blink for all pasted content coming from external sources because of the low quality of HTML that these engines put into the clipboard. Internal and cross-editor paste is safe due to the change explained in the previous point.
Other changes and related fixes:
#12095: On drag and copy of widgets the same method is used to get selected HTML as in the normal case. Thanks to that styles applied to inline widgets are not lost.
#11219: Fixed: Dragging a captioned image does not fire the editor#paste
event.
#9554: [Webkit Mac] Fixed: Editor scrolls on paste.
#9898: [Webkit&Divarea] Fixed: Pasting causes undesirable scrolling.
#11993: [Chrome] Fixed: Pasting content scrolls the document.
#12613: Show the user that they can not drop on editor UI (toolbar, bottom bar).
#12851: [Blink/Webkit] Fixed: Formatting disappears when pasting content into cells.
#12914: Fixed: Copy/Paste of table broken in div
-based editor.
Browser support.
Browser support for related features varies significantly (see http://caniuse.com/clipboard).
File APIs needed to operate and file upload is not supported in Internet Explorer 9 and below.
Only Chrome and Safari on Mac OS support setting custom data items in the clipboard, so currently it is possible to recognize the origin of the copied content in these browsers only. All drag and drop operations can be identified thanks to the new Data Transfer facade.
No Internet Explorer browser supports the standard clipboard API which results in small glitches like where only plain text can be dropped from outside the editor. Thanks to the new Data Transfer facade, internal and cross-editor drag and drop supports the full range of data.
Direct access to clipboard could only be implemented in Chrome, Safari on Mac OS, Opera and Firefox. In other browsers the pastebin must still be used.
#12875: Samples and toolbar configuration tools.
#10925: The Media Embed and Semantic Media Embed plugins were introduced. Read more about the new features in the Embedding Content article.
#10931: Added support for nesting widgets. It is now possible to insert one widget into another widget's nested editable. Note that unless nested editable's allowed content is defined precisely, starting from CKEditor 4.5 some widget buttons may become enabled. This feature is not supported in IE8. Included issues:
editor.insertHtml()
method. Fixes pasting a widget with a nested editable inside another widget's nested editable.Notification system:
#11636: Introduced new, UX-focused, methods for getting selected HTML and deleting it — editor.getSelectedHtml()
and editor.deleteSelectedHtml()
.
#12416: Added the widget.definition.upcastPriority
property which gives more control over widget upcasting order to the widget author.
#12036: Initialize the editor in read-only mode when the <textarea>
element has a readonly
attribute.
#11905: The resize
event passes the current dimensions in its data.
#12126: Introduced config.image_prefillDimensions
and config.image2_prefillDimensions
to make pre-filling width
and height
configurable for the Enhanced Image.
#12746: Added a new configuration option to hide the Enhanced Image resizer.
#12150: Exposed the getNestedEditable()
and is*
widget helper functions (see the static methods).
#12448: Introduced the editable.insertHtmlIntoRange
method.
#12143: Added the config.floatSpacePreferRight
configuration option that switches the alignment of the floating toolbar. Thanks to InvisibleBacon!
#10986: Added support for changing dialog input and textarea text directions by using the Shift+Alt+Home/End keystrokes. The direction is stored in the value of the input by prepending the \u202A
or \u202B
marker to it. Read more in the documentation. Thanks to edithkk!
#12770: Added support for passing widget's startup data as a widget command's argument. Thanks to Rebrov Boris and Tieme van Veen!
#11583: Added support for the HTML5 required
attribute in various form elements. Thanks to Steven Busse!
Changes:
config.mathJaxLibrary
option does not default to the MathJax CDN any more. It needs to be configured to enable the Mathematical Formulas plugin now.editable.insertHtml()
and editable.insertElement()
when the range
parameter is used. Now, the editor.insertElement()
method works on a higher level, which means that it saves undo snapshots and sets the selection after insertion. Use the editable.insertElementIntoRange()
method directly for the pre 4.5 behavior of editable.insertElement()
.editor.showNotification()
instead of alert()
directly whenever possible. When the Notification plugin is loaded, the notification system is used automatically. Otherwise, the native alert()
is displayed.dom.element.addClass()
, dom.element.removeClass()
and dom.element.hasClass()
methods. Note: The previous implementation allowed passing multiple classes to addClass()
although it was only a side effect of that implementation. The new implementation does not allow this.Fixed issues:
range.cloneContents()
should not change the DOM in order not to affect selection.dom.element.getChild()
should not modify a passed array.<br />
filler is placed in the wrong position by the range.fixBlock()
method due to quirky Firefox behavior.Security Updates:
Fixed XSS vulnerability in the HTML parser reported by Dheeraj Joshi and Prem Kumar.
Issue summary: It was possible to execute XSS inside CKEditor after persuading the victim to: (i) switch CKEditor to source mode, then (ii) paste a specially crafted HTML code, prepared by the attacker, into the opened CKEditor source area, and (iii) switch back to WYSIWYG mode.
An upgrade is highly recommended!
Fixed Issues:
CKEDITOR.dom.text
is incorrect. Thanks to Ben Kiefer!/>
. Thanks to Віталій Крутько!CKEDITOR.ui.dialog.radio
validation to not work. Thanks to Florian Ludwig!element.appendText()
method does not work properly for empty elements.foo:href
attributes.<li>
elements. Thanks to Andrew Stucki!editor.getData()
parameter documentation.<iframe>
.<body>
has a margin.Other Changes:
0.2.3
.truncated-mathjax/
is now removed from the tests/
directory. Now bender.config.mathJaxLibPath
must be configured manually in order to run Mathematical Formulas plugin tests.Fixed Issues:
config.tabSpaces
configuration option value was greater than zero.table-layout
CSS property should be reset by skins. Thanks to vita10gy!iframe
. Thanks to Vitaliy Zurian!config.fillEmptyBlocks
should only apply when outputting data.chameleon
property defined and config.uiColor
is defined.Security Updates:
Fixed XSS vulnerability in the HTML parser reported by Maco Cortes.
Issue summary: It was possible to execute XSS inside CKEditor after persuading the victim to: (i) switch CKEditor to source mode, then (ii) paste a specially crafted HTML code, prepared by the attacker, into the opened CKEditor source area, and (iii) switch back to WYSIWYG mode.
An upgrade is highly recommended!
New Features:
<main>
element to the CKEDITOR.dtd
.Fixed Issues:
user-select: none
style. Thanks to shaohua!editor.blur
event is not fired on first blur after initializing the inline editor on an already focused element.editor.change
event fired on first navigation key press after typing.config.magicline_putEverywhere
name used for a Magic Line all-encompassing config.magicline_everywhere
configuration option.New Features:
node.getAscendant()
.Fixed Issues:
CKEDITOR_GETURL
is not used with some plugins where it should be used. Thanks to Thomas Andraschko!<base>
tag is not created when <head>
has an attribute. Thanks to naoki.fujikawa!config.autoParagraph
as deprecated.<cite>
elements.CKEDITOR.filter.instances
on editor destroy.document.title
which breaks updating title in the full HTML mode.Fixed Issues:
keypress
listeners should not be used in the undo manager. A complete rewrite of keyboard handling in the undo manager was made. Numerous smaller issues were fixed, among others:
editor.change
event.editor.change
event is fired when pressing Arrow keys.UndoManager.locked
property violate strict mode in the Undo plugin.paste
event is not fired when pasting with Shift+Ins.document.activeElement
.<body>
in Compatibility Mode will no longer reset selection to the first line.config.title
.Other Changes:
benderjs-ckeditor
into the main CKEditor repository.Security Updates:
An upgrade is highly recommended!
New Features:
Fixed Issues:
width
and height
styles even when they are not allowed.config.disableObjectResizing
does not work on IE. Note: We were not able to fix this issue on IE11+ because necessary events stopped working. See a last resort workaround and make sure to support our complaint to Microsoft.<meta>
tags should be allowed everywhere, including inside the <body>
element.config.fillEmptyBlocks
not working properly if a function is specified.Important Notes:
tests/
directory which contains editor tests is not available in release packages. It can only be found in the development version of CKEditor on GitHub.New Features:
editor.setData()
method from recording undo snapshots.Fixed Issues:
widget.repository.getByElement()
method was improved.editor.setData()
and nestedEditable.setData()
.<span>
elements created when joining adjacent elements (non-collapsed selection).role="radiogroup"
should be applied only to radio inputs' container.element.setText()
method should not trigger the layout engine.allowFullScreen
parameter in the editor data if set to true
.config.baseHref
into account when updating image dimensions.checkDirty()
method value after focusing or blurring a widget./dev/builder/build.sh
script.IndexSizeError
thrown when pasting into a non-empty selection anchored in one text node.New Features:
Fixed Issues:
dir
attribute for a preloaded language in CKEDITOR.lang. Thanks to Akash Mohapatra!<code>
element.<title>
element.editor.insertElement()
throwing an exception when there was no selection in the editor.element.addClass()
chainable symmetrically to element.removeClass()
.contenteditable
attribute set to true
.contenteditable
attribute set to false
are not downcasted properly.Other Changes:
attribute.specified
in all browsers except Internet Explorer.<pre>
to 4 spaces.Important Notes:
editor.beforePaste
event as deprecated.image
(was: caption
). Please note that once edited in CKEditor 4.4+, all existing images of the caption
class (<figure class="caption">
) will be filtered out unless the config.image2_captionedClass
option is set to caption
. For backward compatibility (i.e. when upgrading), it is highly recommended to use this setting, which also helps prevent CSS conflicts, etc. This does not apply to new CKEditor integrations.allowedContent
and requiredContent
properties for it manually, because the editor will not be able to find them.CKEDITOR.style
methods to ensure full compatibility with other features (e.g. applying styles to widgets requires that). We ensured backward compatibility though, so the CKEDITOR.style
will work even when the editor instance is not provided.New Features:
type
and widget
. Read more in the Widget Styles section of the "Syles Drop-down" guide. Note that by default, widgets support only classes and no other attributes or styles. Related changes and features:
CKEDITOR.style.addCustomHandler()
method for registering custom style handlers.CKEDITOR.style.apply()
and CKEDITOR.style.remove()
methods are now called with an editor instance instead of the document so they can be reused by the CKEDITOR.editor.applyStyle()
and CKEDITOR.editor.removeStyle()
methods. Backward compatibility was preserved, but from CKEditor 4.4 it is highly recommended to pass an editor instead of a document to these methods.widget.definition.styleableElements
, widget.definition.styleToAllowedContentRule
, widget.addClass()
, widget.removeClass()
, widget.getClasses()
, widget.hasClass()
, widget.applyStyle()
, widget.removeStyle()
, widget.checkStyleActive()
.CKEDITOR.style.toAllowedContent()
method which can be implemented by the custom style handler and if exists, it is used by the CKEDITOR.filter
to translate a style to allowed content rules.config.image2_captionedClass
option to configure the class of captioned images.config.image2_alignClasses
option to configure the way images are aligned with CSS classes.
If this setting is defined, the editor produces classes instead of inline styles for aligned images.editor.lang.image2.captionPlaceholder
string.filter.addElementCallback()
).editor.addContentsCss()
method that can be used for adding custom CSS files.CKEDITOR.tools.htmlDecode()
method for decoding HTML entities.CKEDITOR.tools.transparentImageData
property which contains transparent image data to be used in CSS or as image source.Other Changes:
editable.status
property.forceUpdate
option for the editor.lockSnapshot
event.Fixed Issues:
editor.removeStyle()
should result in a paragraph and not a div.New Features:
Fixed Issues:
Fixed Issues:
<span>
elements.element.renameNode()
not clearing the element.getName()
cache.{cke_protected_1}
appearing in data in various cases where HTML comments are placed next to "
or '
.Fixed Issues:
selection.removeAllRanges()
is now scoped to selection's root.editor.checkDirty()
method.editor.execCommand()
behavior.widget.doubleclick
event is not canceled anymore after editing was triggered.htmlDataProcessor
discovering protected attributes within other attributes' values.domObject.removeAllListeners()
method does not remove custom listeners completely.selection.getRanges()
method does not override cached ranges when used with the onlyEditables
argument.config.fullPage
is set to true
, entities are not encoded in editor output.Fixed Issues:
aria-pressed
attribute.CKEDITOR.template
improvements:
config.contentsCss
is affected by CKEDITOR.getUrl()
.widgets.repository.addUpcastCallback()
method that allows to block upcasting given element to a widget.line-height
to unitless values to avoid huge text overlapping (like in #9696).div
-based editor.<div>
element with text-align: center
and an image inside is not recognised correctly.Important Notes:
language
button is now Language
(#11201).Fixed Issues:
widget.repository.checkWidgets()
method now fires the widget.repository.checkWidgets
event, so from CKEditor 4.3.1 it is preferred to use the method rather than fire the event.editor.insertElement()
and editor.insertText()
methods do not call the widget.repository.checkWidgets()
method.env.quirks
for more details.figure
and figcaption
styles to the contents.css
file so Enhanced Image looks nicer.editor.insertElement()
method does not insert the element into every range of a selection any more.editor.applyStyle()
method removes attributes from nested elements.editor.destroy()
does not cleanup content generated by the Table Resize plugin for inline editors.<textarea>
element are not encoded.New Features:
draggable
option to disable drag and drop support for widgets.config.dialog_noConfirmCancel
configuration option that eliminates the need to confirm closing of a dialog window when the user changed any of its fields.Fixed Issues:
image2inline
and image2block
into one image2
widget.paste
command is no longer being disabled when the clipboard is empty.<br>
to <body>
, so it is stripped by the HTML data processor.contentDomInvalidated
event.range#moveToPoint
method.<body>
.New Features:
editor.enterMode
and editor.shiftEnterMode
properties – normalized versions of config.enterMode
and config.shiftEnterMode
.editor.setActiveEnterMode()
method, editor.activeEnterModeChange
event, and two properties: editor.activeEnterMode
and editor.activeShiftEnterMode
.editor.setActiveFilter()
method, editor.activeFilterChange
event, and editor.activeFilter
property.selection.fake()
method.htmlParser.filter
rules are not applied to non-editable elements (elements with contenteditable
attribute set to false
and their descendants) anymore. To add a rule which will be applied to all elements you need to pass an additional argument to the filter.addRules()
method.Fixed Issues:
Fixed Issues:
CKEDITOR.plugins.addExternal()
not handling paths including file name specified.CKEDITOR.tools.isArray()
not working cross frame.range.createBookmark2()
incorrectly normalizing offsets. This bug was causing many issues: #10850, #10842.Fixed Issues:
dir
) from main language file to core.onbeforeunload
event in the popup dialog.Important Notes:
Dropped compatibility support for Internet Explorer 7 and Firefox 3.6.
Both the Basic and the Standard distribution packages will not contain the new Indent Block plugin. Because of this the Advanced Content Filter might remove block indentations from existing contents. If you want to prevent this, either add an appropriate ACF rule to your filter or create a custom build based on the Basic/Standard package and add the Indent Block plugin in CKBuilder.
New Features:
config.title
setting to change the human-readable title of the editor.editor.change
event.required
attributes on <textarea>
elements — introduced editor.required
event.<textarea>
elements with the inline editor.Fixed Issues:
editor.setData()
.New Features:
Fixed Issues:
config.shiftEnterMode
.CKEDITOR.dialog.addIframe()
incorrectly sets the iframe size in dialog windows.New Features:
Fixed Issues:
editable.insertText()
loses characters when RegExp
replace controls are being inserted.document.domain
has been altered.keystrokeHandler.blockedKeystrokes
when calling editor.setReadOnly()
.config.customConfig
files.config.enterMode
is CKEDITOR.ENTER_BR
.role="application"
should not be used for dialog windows.role="application"
should not be used for floating panels.New Features:
Fixed Issues:
mouseup
event.<textarea>
should not be modified by the htmlDataProcessor
.tabSpaces
. Unified data-cke-*
attributes filtering.keydown
in specific cases.undoManager.update()
does not refresh the command state.<s>
using Remove Format.Fixed Issues:
filter.allowedContent
property always contains rules in the same format.<a>
elements anymore.align
attribute to float
style to preserve backward compatibility after the introduction of Advanced Content Filter.config.justifyClasses
is defined.New Features:
Brand new data filtering system that works in 2 modes:
config.allowedContent
rules - the data
will be filtered and the editor features (toolbar items, commands, keystrokes) will be enabled if they are allowed.See the datafiltering.html
sample, guides and CKEDITOR.filter
API documentation.
contentPreview
event for preview data manipulation.toHtml
and toDataFormat
, allowing for better integration with data processing.htmlParser.fragment
, htmlParser.element
etc. by many htmlParser.filter
s before writing structure to an HTML string.editor.status
property to make it easier to check the current status of the editor.command
state is now CKEDITOR.TRISTATE_DISABLE
. It will be activated on editor.instanceReady
or immediately after being added if the editor is already initialized.<s>
as a default tag for strikethrough, which replaces obsolete <strike>
in HTML5.Fixed Issues:
editor.destroy()
.Fixed Issues:
CKEDITOR.getUrl()
with CKEDITOR_GETURL
.stylesSet.add()
are displayed in the wrong order.editor.readOnly
is set.editor.getData()
if set via the Document Properties dialog window.selectionChange
event is not fired when mouse selection ended outside editable.editor.checkDirty()
returns true
when called onload. Removed the obsolete editor.mayBeDirty
flag.Fixed Issues:
Fixed Issues:
box-sizing
style should not influence the editor UI elements.tel
, email
, search
and url
input types.<div>
element stay permanently even after the user exits editing the <div>
.border-width
style is specified.<pre>
elements.onChange
is not fired for checkboxes in dialogs.editor.addRemoveFormatFilter()
is exposed before it really works.pasteFromWordCleanupFile
configuration option is now taken from the instance configuration.The first stable release of the new CKEditor 4 code line.
The CKEditor JavaScript API has been kept compatible with CKEditor 4, whenever possible. The list of relevant changes can be found in the API Changes page of the CKEditor 4 documentation.