CKEditor 4 Changelog ==================== ## CKEditor 4.5.11 **Security Updates:** * [Severity: minor] Fixed the target="_blank" vulnerability reported by James Gaskell. Issue summary: If a victim had access to a spoofed version of via HTTP (e.g. due to DNS spoofing, using a hacked public network or mailicious hotspot), then when using a link to the website it was possible for the attacker to change the current URL of the opening page, even if the opening page was protected with SSL. An upgrade is recommended. New Features: * [#14747]( The [Enhanced Image]( caption now supports the link `target` attribute. * [#7154]( Added support for the "Display Text" field to the [Link]( dialog. Thanks to [Ryan Guill](! Fixed Issues: * [#13362]( [Blink, WebKit] Fixed: Active widget element is not cached when it is losing focus and it is inside an editable element. * [#13755]( [Edge] Fixed: Pasting images does not work. * [#13548]( [IE] Fixed: Clicking the [elements path]( disables Cut and Copy icons. * [#13812]( Fixed: When aborting file upload the placeholder for image is left. * [#14659]( [Blink] Fixed: Content scrolled to the top after closing the dialog in a [`
`-based editor]( * [#14825]( [Edge] Fixed: Focusing the editor causes unwanted scrolling due to dropped support for the `setActive` method. ## CKEditor 4.5.10 Fixed Issues: * [#10750]( Fixed: The editor does not escape the `font-style` family property correctly, removing quotes and whitespace from font names. * [#14413]( Fixed: The [Auto Grow]( plugin with the [`config.autoGrow_onStartup`](!/api/CKEDITOR.config-cfg-autoGrow_onStartup) option set to `true` does not work properly for an editor that is not visible. * [#14451]( Fixed: Numeric element ID not escaped properly. Thanks to [Jakub Chalupa](! * [#14590]( Fixed: Additional line break appearing after inline elements when switching modes. Thanks to [dpidcock](! * [#14539]( Fixed: JAWS reads "selected Blank" instead of "selected " when selecting a widget. * [#14701]( Fixed: More precise labels for [Enhanced Image]( and [Placeholder]( widgets. * [#14667]( [IE] Fixed: Removing background color from selected text removes background color from the whole paragraph. * [#14252]( [IE] Fixed: Styles drop-down list does not always reflect the current style of the text line. * [#14275]( [IE9+] Fixed: `onerror` and `onload` events are not used in browsers it could have been used when loading scripts dynamically. ## CKEditor 4.5.9 Fixed Issues: * [#10685]( Fixed: Unreadable toolbar icons after updating to the new editor version. Fixed with [6876179]( in [ckeditor-dev]( and [6c9189f4]( in [ckeditor-presets]( * [#14573]( Fixed: Missing [Widget]( drag handler CSS when there are multiple editor instances. * [#14620]( Fixed: Setting both the `min-height` style for the `` element and the `height` style for the `` element breaks the [Auto Grow]( plugin. * [#14538]( Fixed: Keyboard focus goes into an embedded `