Rev 1422 | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
Rev 1422 | Rev 1434 | ||
---|---|---|---|
Line 4... | Line 4... | ||
4 | The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), |
4 | The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), |
5 | and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). |
5 | and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). |
6 | 6 | ||
7 | ## Unreleased |
7 | ## Unreleased |
8 | 8 | ||
- | 9 | ## 5.10.9 - 2023-11-15 |
|
- | 10 | ||
- | 11 | ### Changed |
|
- | 12 | - Zero width no-break space (U+FEFF) characters are removed from content passed to `setContent`, `insertContent`, and `resetContent` APIs. #TINY-10337 |
|
- | 13 | - Zero width no-break space (U+FEFF) characters in initial content are not loaded into the editor upon initialization. #TINY-10337 |
|
- | 14 | ||
- | 15 | ### Fixed |
|
- | 16 | - Specific HTML content containing unescaped text nodes caused mXSS when using undo/redo. #TINY-10337 |
|
- | 17 | - Specific HTML content containing unescaped text nodes caused mXSS when using the `getContent` and `setContent` APIs with the `format: 'raw'` option, which also affected the `resetContent` API and the draft restoration feature of the Autosave plugin. #TINY-10337 |
|
- | 18 | ||
9 | ## 5.10.8 - 2023-10-19 |
19 | ## 5.10.8 - 2023-10-19 |
10 | 20 | ||
11 | ### Fixed |
21 | ### Fixed |
12 | - Specific HTML content caused mXSS when using undo/redo. #TINY-10215 |
22 | - Specific HTML content caused mXSS when using undo/redo. #TINY-10215 |
13 | - Specific HTML content caused mXSS when using the `getContent` and `setContent` APIs with the `format: 'raw'` option, which also affected the `resetContent` API and the draft restoration feature of the Autosave plugin. #TINY-10236 |
23 | - Specific HTML content caused mXSS when using the `getContent` and `setContent` APIs with the `format: 'raw'` option, which also affected the `resetContent` API and the draft restoration feature of the Autosave plugin. #TINY-10236 |