fix(deps): update dependency ckeditor/ckeditor to v4.16.0

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
ckeditor/ckeditor (source)	require	minor	4.6.2 -> 4.16.0

---

Release Notes

ckeditor/ckeditor4-releases

v4.16.0

Compare Source

v4.15.1

Compare Source

CKEditor 4.15.1

Security Updates:

• Fixed XSS vulnerability in the Color History feature reported by Mark Wade.

  	Issue summary: It was possible to execute an XSS-type attack inside CKEditor 4 by persuading a victim to paste a specially crafted HTML code into the [Color Button](https://ckeditor.com/cke4/addon/colorbutton) dialog.
  

An upgrade is highly recommended!

Fixed Issues:

• #​4293: Fixed: The CKEDITOR.inlineAll() method tries to initialize inline editor also on elements with an editor already attached to them.
• #​3961: Fixed: The Table Resize plugin prevents editing of merged cells.
• #​3649: Fixed: Applying a block format should remove existing block styles.
• #​4282: Fixed: The script loader does not execute callback for scripts already loaded when called for the second time. Thanks to Alexander Korotkevich!
• #​4273: Fixed: A memory leak in the CKEDITOR.domReady() method connected with not removing load event listeners. Thanks to rohit1!
• #​1330: Fixed: Incomplete CSS margin parsing if an auto or 0 value is used.
• #​4286: Fixed: The Auto Grow plugin causes the editor width to be set to 0 on editor resize.
• #​848: Fixed: Arabic text not being "bound" correctly when pasting. Thanks to Thomas Hunkapiller and J. Ivan Duarte Rodríguez!

API Changes:

• #​3649: Added a new stylesRemove editor event.

Other Changes:

• #​4262: Removed the global reference to the stylesLoaded variable. Thanks to Levi Carter!
• Updated the Export to PDF plugin to 1.0.1 version:
  * Improved external CSS support for classic editor by handling exceptions and displaying convenient error messages.

v4.15.0

Compare Source

v4.14.1

Compare Source

CKEditor 4.14.1

Fixed Issues:

• #​2607: Fixed: The Emoji plugin SVG icons file is not loaded in CORS context.
• #​3866: Fixed: The config.readOnly configuration option not considered for startup read-only mode of inline editor.
• #​3931: [IE] Fixed: An error is thrown when pasting using the Paste button after accepting the browser Clipboard Access Prompt dialog.
• #​3938: Fixed: Cannot navigate the Autocomplete panel with the keyboard after switching to source mode.
• #​2823: [IE] Fixed: Cannot resize the last table column using the Table Resize plugin.
• #​909: Fixed: The Table Resize plugin does not work when the editor is placed in an absolutely positioned container. Thanks to Roland Petto!
• #​1959: Fixed: The Table Resize plugin does not work in a maximized editor when the Div Editing Area feature is enabled. Thanks to Roland Petto!
• #​3156: Fixed: Autolink config.autolink_urlRegex and config.autolink_emailRegex options are not customizable. Thanks to Sergiy Dobrovolsky!
• #​624: Fixed: Notification does not work with the bottom toolbar location.
• #​3000: Fixed: Auto Embed does not work with the bottom toolbar location.
• #​1883: Fixed: The editor.resize() method does not work with CSS units.
• #​3926: Fixed: Dragging and dropping a widget sometimes produces an error.
• #​4008: Fixed: Remove Format does not work with a collapsed selection.
• #​3998: Fixed: An error is thrown when switching to the source mode using a custom Ctrl + Enter keystroke with the Widget plugin present.

Other Changes:

• Updated WebSpellChecker (WSC) and SpellCheckAsYouType (SCAYT) plugins:
  * Fixed: Active Autocomplete panel causes active suggestions to be unnecessarily checked by the SCAYT spell checking mechanism.

v4.14.0

Compare Source

v4.13.1

Compare Source

CKEditor 4.13.1

Fixed Issues:

• #​875: Fixed: Pasting inside the editor that contains a table with the Table Selection plugin after selecting all content replaces only the table element instead of the entire content.
• #​3415: [Firefox] Fixed: Pasting individual list elements fails. Thanks to Jack Wickham!
• #​3413: Fixed: Menu items with labels containing double quotes are rendered incorrectly.
• #​3475: [Firefox] Fixed: Pasting plain text over existing content fails and throws an error.
• #​2027: Fixed: Incorrect email display text after reopening the Link dialog for display names starting with @.
• #​3544: Fixed: The Special Characters dialog read incorrectly by screen readers due to empty table cells at the end.
• #​1653: Fixed: Balloon Toolbar is not repositioned when the editor is scrolled with the Div Editing Area feature enabled.
• #​3559: Fixed: Color Dialog is incorrectly positioned when used with another dialog.
• #​3593: Fixed: Cannot access a text or comment node when replacing an element node with them via CKEDITOR.htmlParser.filter.
• #​3524: Fixed: The Easy Image plugin throws an error when any image with an unsupported data type is pasted into the editor.
• #​3552: Fixed: Incorrect value of CKEDITOR.plugins.widget.repository#selected after selecting the whole editor content.
• #​3586: Fixed: Content pasted from Microsoft Excel is not correctly recognised by the Paste from Word plugin.
• #​3585: [Firefox] Fixed: Microsoft Excel content is pasted as an image.
• #​3625: [Firefox] Fixed: Microsoft PowerPoint content is pasted as an image.
• #​3474: Fixed: Incorrect focus order after any tab in a dialog was clicked.
• #​3689: Fixed: Cannot change dialog tabs with keyboard arrow keys after focusing any tab with a mouse click.

API Changes:

• #​3634: Added the CKEDITOR.plugins.clipboard.dataTransfer#getTypes() method.

v4.13.0

Compare Source

v4.12.1

Compare Source

CKEditor 4.12.1

Fixed Issues:

• #​3220: Fixed: Prevent Paste from Word filter from deleting Page Break elements on paste.

v4.12.0

Compare Source

v4.11.4

Compare Source

CKEditor 4.11.4

Fixed Issues:

• #​589: Fixed: The editor causes memory leaks in create and destroy cycles.
• #​1397: Fixed: Using the dialog to remove headers from a table with one header row only throws an error.
• #​1479: Fixed: Justification for styled content in BR mode is disabled.
• #​2816: Fixed: Enhanced Image resize handler is visible in read-only mode.
• #​2874: Fixed: Enhanced Image resize handler is not created when the editor is initialized in read-only mode.
• #​2775: Fixed: Clipboard paste buttons have wrong state when read-only mode is set by the mouse event listener with the Div Editing Area plugin.
• #​1901: Fixed: Cannot open the context menu over a Widget with the Shift+F10 keyboard shortcut.

Other Changes:

• Updated WebSpellChecker (WSC) and SpellCheckAsYouType (SCAYT) plugins:
  _ Language dictionary update: German language was extended with over 600k new words.
  _ Language dictionary update: Swedish language was extended with over 300k new words.
  _ Grammar support added for Australian and New Zealand English, Polish, Slovak, Slovenian and Austrian languages.
  _ Changed wavy red and green lines that underline spelling and grammar errors to straight ones.
  _ #​55: Fixed: WSC does not use CKEDITOR.getUrl() when referencing style sheets.
  _ #​166: Fixed: SCAYT does not use CKEDITOR.getUrl() when referencing style sheets.
  _ #​56: [Chrome] Fixed: SCAYT/WSC throws errors when running inside a Chrome extension.
  _ Fixed: After removing a dictionary, the words are not underlined and considered as incorrect.
  _ Fixed: The Slovenian (sl_SL) language does not work.
  _ Fixed: Quotes with code U+2019 (Right single quotation mark) are considered separators.
  _ Fixed: Wrong error message formatting when the service ID is invalid.
  _ Fixed: Absent languages in the Languages tab when using SCAYT with the Shared Spaces plugin.

v4.11.3

Compare Source

CKEditor 4.11.3

Fixed Issues:

• #​2721, #​487: Fixed: The order of sublist items is reversed when a higher level list item is removed.
• #​2527: Fixed: Emoji autocomplete order does not prioritize emojis with the name starting from the used string.
• #​2572: Fixed: Icons in the Emoji dropdown navigation groups are not centered.
• #​1191: Fixed: Items in the elements path are draggable.
• #​2292: Fixed: Dropping a list with a link on the editor's margin causes a console error and removes the dragged text from editor.
• #​2756: Fixed: The Auto Link plugin causes an error when typing in the source editing mode.
• #​1986: Fixed: The Cell Properties dialog from the Table Tools plugin shows styles that are not allowed through config.allowedContent.
• #​2565: [IE, Edge] Fixed: Buttons in the editor toolbar are activated by clicking them with the right mouse button.
• #​2792: Fixed: A bug in the Copy Formatting plugin that caused the following issues:
  • #​2780: Fixed: Undo steps disappear after multiple changes of selection.
  • #​2470: [Firefox] Fixed: Widget's nested editable gets blurred upon focus.
  • #​2655: [Chrome, Safari] Fixed: Widget's nested editable cannot be focused under certain circumstances.

v4.11.2

Compare Source

CKEditor 4.11.2

Fixed Issues:

• #​2403: Fixed: Styling inline editor initialized inside a table with the Table Selection plugin is causing style leaks.
• #​2514: Fixed: Pasting table data into inline editor initialized inside a table with the Table Selection plugin inserts pasted content into the wrapping table.
• #​2451: Fixed: The Remove Format plugin changes selection.
• #​2546: Fixed: The separator in the toolbar moves when buttons are focused.
• #​2506: Fixed: Enhanced Image throws a type error when an empty <figure> tag with an image class is upcasted.
• #​2650: Fixed: Table dialog validator fails when the getValue() function is defined in the global scope.
• #​2690: Fixed: Decimal characters are removed from the inside of numbered lists when pasting content using the Paste from Word plugin.
• #​2205: Fixed: It is not possible to add new list items under an item containing a block element.
• #​2411, #​2438 Fixed: Apply numbered list option throws a console error for a specific markup.
• #​2430 Fixed: Color Button and List Block items are draggable.

Other Changes:

• Updated the WebSpellChecker (WSC) plugin:
  * #​52 Fixed: Clicking "Finish Checking" without a prior action would hang the Spell Checking dialog.
• #​2603: Corrected the GPL license entry in the package.json file.

v4.11.1

Compare Source

CKEditor 4.11.1

Fixed Issues:

• #​2571: Fixed: Clicking the categories in the Emoji dropdown panel scrolls the entire page.

v4.11.0

Compare Source

v4.10.1

Compare Source

CKEditor 4.10.1

Fixed Issues:

• #​2114: Fixed: Autocomplete cannot be initialized before instanceReady.
• #​2107: Fixed: Holding and releasing the mouse button is not inserting an autocomplete suggestion.
• #​2167: Fixed: Matching in Emoji plugin is not case insensitive.
• #​2195: Fixed: Emoji shows the suggestion box when the colon is preceded with other characters than white space.
• #​2169: [Edge] Fixed: Error thrown when pasting into the editor.
• #​1084 Fixed: Using the "Automatic" option with Color Button on a text with the color already defined sets an invalid color value.
• #​2271: Fixed: Custom color name not used as a label in the Color Button plugin. Thanks to Eric Geloen!
• #​2296: Fixed: The Color Button plugin throws an error when activated on content containing HTML comments.
• #​966: Fixed: Executing editor.destroy() during the file upload throws an error. Thanks to Maksim Makarevich!
• #​1719: Fixed: Ctrl/Cmd + A inadvertently focuses inline editor if it is starting and ending with a list. Thanks to theNailz!
• #​1046: Fixed: Subsequent new links do not include the id attribute. Thanks to Nathan Samson!
• #​1348: Fixed: Enhanced Image plugin aspect ratio locking uses an old width and height on image URL change.
• #​1791: Fixed: Image and Enhanced Image plugins can be enabled when Easy Image is present.
• #​2254: Fixed: Image ratio locking is too precise for resized images. Thanks to Jonathan Gilbert!
• #​1184: [IE8-11] Fixed: Copying and pasting data in read-only mode throws an error.
• #​1916: [IE9-11] Fixed: Pressing the Delete key in read-only mode throws an error.
• #​2003: [Firefox] Fixed: Right-clicking multiple selected table cells containing empty paragraphs removes the selection.
• #​1816: Fixed: Table breaks when Enter is pressed over the Table Selection plugin.
• #​1115: Fixed: The <font> tag is not preserved when proper configuration is provided and a style is applied by the Font plugin.
• #​727: Fixed: Custom styles may be invisible in the Styles Combo plugin.
• #​988: Fixed: ACF-enabled custom elements prefixed with object, embed, param are removed from the editor content.

API Changes:

• #​2249: Added the editor.plugins.detectConflict() method finding conflicts between provided plugins.

v4.10.0

Compare Source

v4.9.2

Compare Source

CKEditor 4.9.2

Security Updates:

• Fixed XSS vulnerability in the Enhanced Image (image2) plugin reported by Kyaw Min Thein.

  	Issue summary: It was possible to execute XSS inside CKEditor using the `<img>` tag and specially crafted HTML. Please note that the default presets (Basic/Standard/Full) do not include this plugin, so you are only at risk if you made a custom build and enabled this plugin.
  

We would like to thank the Drupal security team for bringing this matter to our attention and coordinating the fix and release process!

v4.9.1

Compare Source

CKEditor 4.9.1

Fixed Issues:

• #​1835: Fixed: Integration between CKFinder and the File Browser plugin does not work.

v4.9.0

Compare Source

v4.8.0

Compare Source

v4.7.3

Compare Source

CKEditor 4.7.3

New Features:

• #​568: Added possibility to adjust nested editables' filters using the CKEDITOR.filter.disallowedContent property.

Fixed Issues:

• #​554: Fixed: change event not fired when typing the first character after pasting into the editor. Thanks to Daniel Miller!
• #​566: Fixed: The CSS border shorthand property with zero width (border: 0px solid #​000;) causes the table to have the border attribute set to 1.
• #​779: Fixed: The Remove Format plugin removes elements with language definition inserted by the Language plugin.
• #​423: Fixed: The Paste from Word plugin pastes paragraphs into the editor even if CKEDITOR.config.enterMode is set to CKEDITOR.ENTER_BR.
• #​719: Fixed: Image inserted using the Enhanced Image plugin can be resized when the editor is in read-only mode.
• #​577: Fixed: The "Delete Columns" command provided by the Table Tools plugin throws an error when trying to delete columns.
• #​867: Fixed: Typing into a selected table throws an error.
• #​817: Fixed: The Save plugin does not work in Source Mode.

Other Changes:

• Updated the WebSpellChecker plugin:
  * #​40: Fixed: IE10 throws an error when spell checking is started.
• #​800: Added the CKEDITOR.dom.selection.isCollapsed() method which is a simpler way to check if the selection is collapsed.
• #​830: Added an option to define which dialog tab should be shown by default when creating CKEDITOR.dialogCommand.

v4.7.2

Compare Source

CKEditor 4.7.2

New Features:

• #​455: Added Advanced Content Filter integration with the Justify plugin.

Fixed Issues:

• #​663: [Chrome] Fixed: Clicking the scrollbar throws an Uncaught TypeError: element.is is not a function error.
• #​694: Refactoring in the Table Selection plugin:
  • #​520: Fixed: Widgets cannot be properly pasted into a table cell.
  • #​460: Fixed: Editor gone after pasting into an editor within a table.
• #​579: Fixed: Internal cke_table-faked-selection-table class is visible in the Stylesheet Classes field of the Table Properties dialog.
• #​545: [Edge] Fixed: Error thrown when pressing the Select All button in Source Mode.
• #​582: Fixed: Double slash in the path to stylesheet needed by the Table Selection plugin. Thanks to Marius Dumitru Florea!
• #​491: Fixed: Unnecessary dependency on the Editor Toolbar plugin inside the Notification plugin.
• #​646: Fixed: Error thrown into the browser console after opening the Styles Combo plugin menu in the editor without any selection.
• #​501: Fixed: Double click does not open the dialog for modifying anchors inserted via the Link plugin.
• #​9780: [IE8-9] Fixed: Clicking inside an empty read-only editor throws an error.
• #​16820: [IE10] Fixed: Clicking below a single horizontal rule throws an error.
• #​426: Fixed: The range.cloneContents() method selects the whole element when the selection starts at the beginning of that element.
• #​644: Fixed: The range.extractContents() method returns an incorrect result when multiple nodes are selected.
• #​684: Fixed: The elementPath.contains() method incorrectly excludes the last element instead of root when the fromTop parameter is set to true.

Other Changes:

• Updated the SCAYT (Spell Check As You Type) plugin:
  * #​148: Fixed: SCAYT leaves underlined word after the CKEditor Replace dialog corrects it.
• #​751: Added the CKEDITOR.dom.nodeList.toArray() method which returns an array representation of a node list.

v4.7.1

Compare Source

CKEditor 4.7.1

New Features:

• Added a new Mexican Spanish localization. Thanks to David Alexandro Rodriguez!
• #​413: Added Paste as Plain Text keyboard shortcut to the Accessibility Help instructions.

Fixed Issues:

• #​515: [Chrome] Fixed: Mouse actions on CKEditor scrollbar throw an exception when the Table Selection plugin is loaded.
• #​493: Fixed: Selection started from a nested table causes an error in the browser while scrolling down.
• #​415: [Firefox] Fixed: Enter key breaks the table structure when pressed in a table selection.
• #​457: Fixed: Error thrown when deleting content from the editor with no selection.
• #​478: [Chrome] Fixed: Error thrown by the Enter Key plugin when pressing Enter with no selection.
• #​424: Fixed: Error thrown by Tab Key Handling and Indent List plugins when pressing Tab with no selection in inline editor.
• #​476: Fixed: Anchors inserted with the Link plugin on collapsed selection cannot be edited.
• #​417: Fixed: The Table Resize plugin throws an error when used with a table with only header or footer rows.
• #​523: Fixed: The editor.getCommandKeystroke() method does not obtain the correct keystroke.
• #​534: [IE] Fixed: Paste from Word does not work in Quirks Mode.
• #​450: Fixed: CKEDITOR.filter incorrectly transforms the margin CSS property.

v4.7.0

Compare Source

---

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box.

---

This PR has been generated by WhiteSource Renovate. View repository job log here.