This release is mainly to fix a potential XSS attack where if a malicious user has the ability to set options passed to sceditor.create(), they can cause an XSS attack due to lack of sanitization of configuration options. A big thanks to Sofiane El Hor (22sh) @sofianeelhor for reporting and helping test the fix.
This release also adds a new Emoji toolbox plugin created by @w8tcha.
Thanks to everyone who contributed!
Full Changelog
- Fixed bug with checkWhitespace() giving error when no previous node.
- Added Emoji toolbox plugin.
Thanks to @w8tcha for creating - Fixed XSS when untrusted values are passed as options to sceditor.create().
Thanks to Sofiane El Hor (22sh) @sofianeelhor for reporting and helping test the fix.
Contributors
w8tcha and sofianeelhor