CKEditor 4.9.2 has been released. It includes a security fix for the Enhanced Image plugin, and upgrading is recommended for CKEditor 4.5.11 and later versions.

Security update: Fixed XSS vulnerability in the Enhanced Image (image2) plugin reported by Kyaw Min Thein.

Issue summary: It was possible to execute XSS inside CKEditor using the <img> tag and specially crafted HTML. Please note that the default presets (Basic/Standard/Full) do not include this plugin, so you are only at risk if you made a custom build and enabled this plugin.

More details are available in the release blog post.

Download: https://ckeditor.com/ckeditor-4/download/
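A quick way to triage a deployment against the conditions in this announcement (image2 enabled, version from 4.5.11 up to but not including 4.9.2). This is an added example, not code from the CKEditor project; the function names and status strings are hypothetical, and the sample inputs are constructed. In a browser the inputs would come from `CKEDITOR.version` and `Object.keys(CKEDITOR.plugins.registered)`.

```javascript
// Added example: classify a CKEditor 4 build against the 4.9.2 image2 notice.
const FIXED_IN = '4.9.2';     // release carrying the fix (from the announcement)
const RANGE_START = '4.5.11'; // lower bound named in the announcement

// Parse "major.minor[.patch]" into numbers so 4.10.0 sorts after 4.9.2.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)(?:\.(\d+))?/.exec(String(v).trim());
  if (!m) throw new Error('unrecognised version: ' + v);
  return [Number(m[1]), Number(m[2]), Number(m[3] || 0)];
}

function compareVersions(a, b) {
  const x = parseVersion(a);
  const y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  }
  return 0;
}

// Returns one of (hypothetical labels):
//   'patched'     - version is 4.9.2 or later
//   'not-exposed' - image2 is not part of this build
//   'upgrade'     - image2 present and version is in the announced range
//   'review'      - image2 present but version predates the announced range;
//                   the announcement says nothing about it, so check manually
function assessImage2Exposure(version, plugins) {
  if (compareVersions(version, FIXED_IN) >= 0) return 'patched';
  const hasImage2 = plugins.some(p => String(p).trim().toLowerCase() === 'image2');
  if (!hasImage2) return 'not-exposed';
  return compareVersions(version, RANGE_START) >= 0 ? 'upgrade' : 'review';
}

// Constructed inventory of editor builds found across an estate.
const inventory = [
  { site: 'intranet-wiki', version: '4.9.1', plugins: ['link', 'image2'] },
  { site: 'blog-admin', version: '4.9.1', plugins: ['link', 'image'] },
  { site: 'helpdesk', version: '4.10.0', plugins: ['image2'] },
];

for (const b of inventory) {
  console.log(b.site + ': ' + assessImage2Exposure(b.version, b.plugins));
}
```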