You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Drag and drop element: added a startDragElement event so another plugin can begin dragging a specific element programmatically β e.g. from a dedicated drag handle/anchor shown next to a block. Fire editor.e.fire('startDragElement', element, mouseEvent); the element does not need to be listed in draggableTags (the listener is registered even when that list is empty), so handles can move elements such as <pre> code blocks that are not auto-draggable.
π Bug Fix
Formatting / Selection: toggling Bold/Italic/Underline (etc.) on a collapsed cursor and then clicking in the editor lost one or more of the pending formats. The click placed the caret just before the empty marker elements, so clean-html removed them. The caret is now moved back into the innermost pending marker on click, and clean-html keeps empty inline elements that hold the live caret, so the next typed character keeps every format. Fixes #1291.
History / Enter: pressing Enter while a selection was active (e.g. Ctrl+A then Enter) required two Ctrl+Z presses to undo β the first only reverted to an intermediate empty state. The delete-of-selection and the new block are now a single history transaction, so one undo restores the original content. Fixes #1292.
Security / Config (prototype pollution): Jodit.configure() β and the internal ConfigMerge/ConfigProto helpers β merged user-supplied options without filtering prototype-mutating keys, so a payload nested under an existing plain-object option such as controls (e.g. {"controls":{"__proto__":{"polluted":"yes"}}}) could reach and mutate Object.prototype (CWE-1321). Merging now rejects __proto__, constructor, and prototype at every nesting level. Responsibly reported by Junming Wu (Dremig).
π Polish
Drag and drop element: dropping a non-editable block (e.g. a <pre> code sample) no longer leaves an invisible filler text node (ο»Ώ) next to it. Previously this stray node showed up as an extra empty line until clean-html removed it later; it is now stripped in onDrop right after insertion.
