Thank you to everyone who submitted bug reports and tested development versions. If you find any more issues please submit them on the forum or on github.
Download and Installation
JCE Pro is available for download with a JCE Pro Subscription. If you already have a subscription, please make sure you set your key before updating
Instructions for installing and updating JCE for each Joomla version are available here
This update fixes a number of issues reported since the last release and makes some changes to the way event attributes - eg: onclick, onload etc. - are handled. In addition, an important security update is included to prevent potential cross-site scripting attacks.
Event Attribute Changes
Event attributes are able to execute javascript and so should only be available to trusted users. In this update and going forward, event attributes are now disabled by default and will be removed from content created or edited with JCE. Event Attributes can be enabled with the Allow Event Attributes option in Editor Profiles -> Editor Parameters -> Advanced, or with the Allow Javascript option in the same tab. If the Allow Javascript option is enabled, Allow Event Attributes will automatically be enabled. A step-by-step guide for this is available here
The Rollover effect provided by the Image Manager uses event attributes, and so the Allow Event Attributes will now need to be enabled to use this feature. Existing rollover effects will be protected if the option is not enabled.
A Security Update
An article was recently published which demonstrated that many popular WYSIWYG editors were and are vulnerable to a cross-site scripting attack when pasting content copied from a malicious site, by taking advantage of event attributes in the copied HTML. As JCE uses a version of the Tinymce editor mentioned in the article, it too was vulnerable to this potential exploit. This update fixes the issue by removing all event attributes from pasted content copied from external sources, unless explicitely allowed in the Clipboard parameters.
In addition to this, better processing of HTML comments and media elements, and a fix in the Visual Characters feature , remove other potential instances where similar exploits could be executed by a user.
It should be noted that these issues require the editor to be active, either by a malicious user creating or editing content, or by a user inadvertantly pasting in content from a malicious website. Nevertheless, all users are advised to update to JCE 2.8.15 as soon as possible.
Thank you to everyone who submitted bug reports and tested development versions. If you find any more issues please submit them on the forum or on github.
Download and Installation
JCE Pro is available for download with a JCE Pro Subscription. If you already have a subscription, please make sure you set your key before updating
Instructions for installing and updating JCE for each Joomla version are available here
Thank you to everyone who submitted bug reports and tested development versions. If you find any more issues please submit them on the forum or on github.
Download and Installation
JCE Pro is available for download with a JCE Pro Subscription. If you already have a subscription, please make sure you set your key before updating
Instructions for installing and updating JCE for each Joomla version are available here
This update fixes a number of issues reported since the last update, and adds a few new features. In addition, various updates have been made to improve support for Joomla 4 Beta.
Simplified Dialogs
A new Basic Dialog option has been added for the Link, Image Manager and Media Manager buttons, which replaces the standard dialog window with a stripped down version, containing only a URL field, as well as a Text field for the Link version, and a Description field (for the alt attribute) for the Image Manager. This option is disabled by default. A further related option enables a File Browser in the URL field for the Image Manager and Media Manager.
The basic Link dialog The basic Image dialog, which includes an optional button to open a File Browser to manage and select imagesThe basic Media dialog, which includes an optional button to open a File Browser to manage and select media.
The Media dialog supports all common native video and audio types (mp4, m4v, ogg, ogv, webm, mp3) and common media providers, eg: Youtube, Vimeo, Dailymotion, Scribd, Slideshare, Soundcloud, Spotify, TED, Twitch, Facebook and Instagram.
Template List Thumbnails
When createing Template List items in the Template Manager parameters, you can now set a thumbnail image to use for the Template List dropdown, to give an indication of what HTML content will be inserted by the item. Alternatively, any image with the same name and in the same folder as the template item html file, will be used instead.
Creating Template Items with an associated thumbnail. A list of template items with thumbnails
Thank you to everyone who submitted bug reports and tested development versions. If you find any more issues please submit them on the forum or on github.
Download and Installation
JCE Pro is available for download with a JCE Pro Subscription. If you already have a subscription, please make sure you set your key before updating
Instructions for installing and updating JCE for each Joomla version are available here
This update fixes a number of issues reported since the last update, in particular issues relating to pasting content into the editor in Chrome / WebKit browsers.
Thank you to everyone who submitted bug reports and tested development versions. If you find any more issues please submit them on the forum or on github.
Download and Installation
JCE Pro is available for download with a JCE Pro Subscription. If you already have a subscription, please make sure you set your key before updating
Instructions for installing and updating JCE for each Joomla version are available here
