CKEditor.Reactive

Stable version 1.1.2 (Compatible with OutSystems 11)
Uploaded on 11 Jul by
4.2 (14 ratings)
Created on OutSystems 11

Version 1.1.2

Stable
Current
Application Package
Uploaded on 11 Jul by 
Compatible with:
Version 11
11.9.2 or higher
11.7.6 to 11.9.0
11.0.606 to 11.0.615
Database:
All
Release notes:

CKEditor version 4 has security vulnerabilities detected in 4.24.1, so the component has been updated.

CKEditor.Reactive was updated to mitigate these vulnerabilities. To ensure that applications using this component are protected, the following mitigation steps must be ensured:

Issues:

  • Cross-site scripting (XSS) vulnerability caused by incorrect CDATA detection

    Mitigation (must be ensured at development time):
    Don't allow config: fullPage: true
    Don't allow config: allowedContent = true or adding CDATA elements in Advanced Content Filter


  • Cross-site scripting (XSS) vulnerability in AJAX sample

    Mitigation:
    The CKEditor.Reactive component doesn't have the affected file: samples/old/ajax.html

  • Cross-site scripting (XSS) vulnerability in samples with the preview feature enabled

    Mitigation:
    The CKEditor.Reactive component doesn't have the affected files:
    samples/old/**/*.html
    plugins/[plugin name]/samples/**/*.html
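
The two development-time restrictions listed for the CDATA issue can be checked mechanically before an editor config ships. The JavaScript below is an added example, not code from the CKEditor.Reactive component: `auditEditorConfig`, `elementsInRules` and the sample configs are hypothetical, and treating `script` and `style` as the CDATA elements is an assumption. It also inspects `extraAllowedContent`, since that option extends the Advanced Content Filter.

```javascript
// Added example (not the component's code): flag the CKEditor 4 settings that the
// 1.1.2 release notes say must not be used.
// Assumption: "CDATA elements" are raw-text elements such as <script> and <style>.
const CDATA_ELEMENTS = ['script', 'style'];

// Collect element names from Advanced Content Filter rules, which CKEditor 4
// accepts as a string, an object, or an array mixing both.
function elementsInRules(rules) {
  if (typeof rules === 'string') {
    return rules.split(';').flatMap((rule) =>
      // Element names precede any [attributes], {styles} or (classes) part.
      rule.replace(/[\[{(][\s\S]*$/, '').toLowerCase().split(/\s+/).filter(Boolean));
  }
  if (Array.isArray(rules)) return rules.flatMap(elementsInRules);
  if (rules && typeof rules === 'object') {
    return Object.entries(rules).flatMap(([key, def]) => {
      // Elements are named by the key, or by an explicit `elements` property.
      const named = def && def.elements;
      if (typeof named === 'string') return elementsInRules(named);
      if (named && typeof named === 'object') return elementsInRules(Object.keys(named).join(' '));
      return elementsInRules(key);
    });
  }
  return []; // undefined, true, or a function: no element names to extract
}

// Return a list of findings; an empty list means the config passes the check.
function auditEditorConfig(config) {
  const findings = [];
  if (config.fullPage === true) findings.push('fullPage: true');
  if (config.allowedContent === true) findings.push('allowedContent = true');
  for (const key of ['allowedContent', 'extraAllowedContent']) {
    const hits = elementsInRules(config[key]).filter((el) => CDATA_ELEMENTS.includes(el));
    for (const el of new Set(hits)) findings.push(`${key} allows <${el}>`);
  }
  return findings;
}

// Constructed sample configs, not taken from any real application.
const riskyConfig = {
  fullPage: true,
  allowedContent: 'p h1 h2; a[!href]; script',
  extraAllowedContent: { 'style span': { classes: 'note' } },
};
const safeConfig = { allowedContent: 'p b i; a[!href]; img[!src,alt]' };

console.log(auditEditorConfig(riskyConfig));
console.log(auditEditorConfig(safeConfig));
```

Rules supplied as filter functions cannot be inspected this way and need manual review.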

Version 1.1.1

Stable
Application Package
Uploaded on 3 Jun by 
Compatible with:
Version 11
11.9.2 or higher
11.7.6 to 11.9.0
11.0.606 to 11.0.615
Database:
All
Release notes:

Added more protection to the Upload API:

Site Properties:

OnlyAllowLoggedUsers: When set to true, only authenticated users will be able to upload content, even if the page where the component is deployed is anonymous.

VerifyAPIKeyOnUpload: When set to true, upload requests will only be accepted if the header has the correct API Key.

Both Site Properties default to True, since they are related to security features.

If you need the component to behave as it did before, change both Site Properties to False.


Timers:

ResetAPIKey:

Resets the API Key. Change the timer's schedule to define the interval at which the API Key is reset. It is currently set to change once a day, at 00:00 UTC.

Version 1.1.0

Stable
Application Package
Uploaded on 22 Apr by 
Compatible with:
Version 11
11.9.2 or higher
11.7.6 to 11.9.0
11.0.606 to 11.0.615
Database:
All
Release notes:

Updates

  • Updated CKEditor version to 4.22.1
  • Updated the Upload handler to only accept the MIME types: image/jpeg; image/jpg; image/png; image/gif; image/bmp; video/mp4; video/mpeg
  • Removed a CKEditor sample page that allowed XSS exploitation