Fixed "Insert link" doesn't respect cursor position anymore since XenForo 2.2.13

[Empty]

Will xenforo be patching this in soon? Seems like the fix is out.

 

[Chris D]

We have rolled out Froala v4.0.19 today here which appears to have resolved this issue.

 

[Alvin63]

I still don't know what Froala is Has an update been rolled out?

 

[Chris D]

Froala are the developers of the rich text editor we use. The update has been rolled out here. It will be available to everyone else in the next XF release.

 

[btmgreg]

We have rolled out Froala v4.0.19 today here which appears to have resolved this issue.

Out of pure interest - With Froala, since June when 4.0.19 was released, there's been 3 further releases including a major version change (4.1) - would bringing XFs version of the editor in-line with the newest update pose great benefits? It looks like there's some decent accessibility improvements, too.

 

[Chris D]

We’re already running the latest version, 4.1.2 here.

 

[btmgreg]

We’re already running the latest version, 4.1.2 here.

Can't sleep either huh? Perfect news btw. Thank you

 

[Empty]

Would it be possible to get a mini patch for this like we got for the other error regarding links? 2.3 seems it'll be a couple months away still and my members are frustrated.

 

[digitalpoint]

Would it be possible to get a mini patch for this like we got for the other error regarding links? 2.3 seems it'll be a couple months away still and my members are frustrated.

2.2.14 I'd wager, not 2.3.

 

[Empty]

2.2.14 I'd wager, not 2.3.

I was under the impression .13 is going to be the last release, if I was mistaken then please disregard!

 

[digitalpoint]

The next version is 2.2.14.

 

[Chris D]

You can always download any of the JS files we load here and upload them to your server. You’ll want js/xf/editor-compiled.js which contains the updated Froala.

 

[Chris D]

But, yes, 2.2.14 is the next release.

 

[Moshe1010]

Out of pure interest - With Froala, since June when 4.0.19 was released, there's been 3 further releases including a major version change (4.1) - would bringing XFs version of the editor in-line with the newest update pose great benefits? It looks like there's some decent accessibility improvements, too.

4.1.2 has a bug with Safari browsers not showing the editing toolbar

 

[Kirby]

4.1.2 has a bug with Safari browsers not showing the editing toolbar

Froala keeps introducing better bugs with every release ...

 

[zappaDPJ]

Froala keeps introducing better bugs with every release ...

Including an XSS vulnerability in 4.1.1 which appears to have gone unfixed in 4.1.2.

https://nvd.nist.gov/vuln/detail/CVE-2023-42426

 

[Paul B]

Good job we won't be using Froala for much longer™.

 

[Chris D]

Including an XSS vulnerability in 4.1.1 which appears to have gone unfixed in 4.1.2.

https://nvd.nist.gov/vuln/detail/CVE-2023-42426

The severity of this is very much diminished in XF, reclassifying it as more of a self-XSS vector than anything.

By the time XF gets a hold of the output this generates, it is essentially sanitised by virtue of us converting it to BB code.

That being said, very alarming for anyone who may be using Froala output without sanitization, and even more alarming that they are comfortable to ignore it for an entire release cycle.

The iPad/iOS bug is still not marked as fixed, despite them now having it clearly explained to them exactly what the issue is.

 

[btmgreg]

4.1.2 has a bug with Safari browsers not showing the editing toolbar

Proof that the latest is not always the greatest! Though very nice to see components updated (albeit before something new comes along)

 

[Lumbergh]

You can always download any of the JS files we load here and upload them to your server. You’ll want js/xf/editor-compiled.js which contains the updated Froala.

I copied the file to my server and it works great. Thank you!