HTML in messages for the WindowManager.alert and WindowManager.confirm APIs were not properly sanitized. #TINY-3548
6.3.0 - 2022-11-23
Added
New expand function added to tinymce.selection which expands the selection around the nearest word. #TINY-9001
New expand function added to tinymce.dom.RangeUtils to return a new range expanded around the nearest word. #TINY-9001
New color_map_background and color_map_foreground options which set the base colors used in the backcolor and forecolor toolbar buttons and menu items. #TINY-9184
Added optional storageKey property to colorinput component and colorswatch fancy menu item. #TINY-9184
New addView function added to editor.ui.registry which makes it possible to register custom editor views. #TINY-9210
New ToggleView command which makes it possible to hide or show registered custom views. #TINY-9210
New color_default_foreground and color_default_background options to set the initial default color for the forecolor and backcolor toolbar buttons and menu items. #TINY-9183
New getTransparentElements function added to tinymce.html.Schema to return a map object of transparent HTML elements. #TINY-9172
Added ToggleToolbarDrawer event to subscribe to toolbar’s opening and closing. #TINY-9271
Changed
Transparent elements, like anchors, are now allowed in the root of the editor body if they contain blocks. #TINY-9172
Colorswatch keyboard navigation now starts on currently selected color if present in the colorswatch. #TINY-9283
setContent is now allowed to accept any custom keys and values as a second options argument. #TINY-9143
Improved
Transparent elements, like anchors, can now contain block elements. #TINY-9172
Colorswatch now displays a checkmark for selected color. #TINY-9283
Color picker dialog now starts on the appropriate color for the cursor position. #TINY-9213
Fixed
Parsing media content would cause a memory leak, which for example occurred when using the getContent API. #TINY-9186
Dragging a noneditable element toward the bottom edge would cause the page to scroll up. #TINY-9025
Range expanding capabilities would behave inconsistently depending on where the cursor was placed. #TINY-9029
Compilation errors were thrown when using TypeScript 4.8. #TINY-9161
Line separator scrolling in floating toolbars. #TINY-8948
A double bottom border appeared on inline mode editor for the tinymce-5 skin. #TINY-9108
The editor header showed up even with no menubar and toolbar configured. #TINY-8819
Inline text pattern no longer triggers if it matches only the end but not the start. #TINY-8947
Matches of inline text patterns that are similar are now managed correctly. #TINY-8949
Using editor.selection.getContent({ format: 'text' }) or editor.getContent({ format: 'text' }) would sometimes deselect selected radio buttons. #TINY-9213
The context toolbar prevented the user from placing the cursor at the edges of the editor. #TINY-8890
The Quick Insert context toolbar provided by the quickbars plugin showed when the cursor was in a fake block caret. #TINY-9190
The editor.selection.getRng() API was not returning a proper range on hidden editors in Firefox. #TINY-9259
The editor.selection.getBookmark() API was not returning a proper bookmark on hidden editors in Firefox. #TINY-9259
Dragging a noneditable element before or after another noneditable element now works correctly. #TINY-9253
The restored selection after a redo or undo action was not scrolled into view. #TINY-9222
A newline could not be inserted when the selection was restored from a bookmark after an inline element with a contenteditable="false" attribute. #TINY-9194
The global tinymce.dom.styleSheetLoader was not affected by the content_css_cors option. #TINY-6037
The caret was moved to the previous line when a text pattern executed a mceInsertContent command on Enter key when running on Firefox. #TINY-9193
The autoresize plugin used to cause infinite resize when content_css is set to document. #TINY-8872
... (truncated)
Commits
624eaa1 TINY-9404: Prepare for TinyMCE 6.3.1 release (#8327)
6923d85 Merge pull request from GHSA-gg8r-xjwq-4w92
157dc88 TINY-8984: Updated tinymce changelog and security md files
This version was pushed to npm by tinymce, a new releaser for tinymce since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/tinymce/tinymce-vue/network/alerts).
Bumps tinymce from 6.0.0 to 6.3.1.
Changelog
Sourced from tinymce's changelog.
... (truncated)
Commits
624eaa1TINY-9404: Prepare for TinyMCE 6.3.1 release (#8327)6923d85Merge pull request from GHSA-gg8r-xjwq-4w92157dc88TINY-8984: Updated tinymce changelog and security md files3a51fedDOC-1777: Changelog edits for 6.3 (#8291)b4cae9cDOC-1006: Update isEdge docs to note it detects Legacy Edge (#8287)398a1f2TINY-9392: Forgot to add icon to custom colors. (#8286)659adfbTINY-9298: Add typography premium plugin to the premium plugin list (#8278)415ae82TINY-9283: Improved colorswatch ui functionality. (#8247)0cb16aeTINY-9232: Parser needs to handle nested anchor cases better (#8258)9aca3b7TINY-9335: fixed expanded selections inside block links should not display th...Maintainer changes
This version was pushed to npm by tinymce, a new releaser for tinymce since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/tinymce/tinymce-vue/network/alerts).