🚀 New Feature
- Drag and drop element: added a
startDragElementevent so another plugin can begin dragging a specific element programmatically — e.g. from a dedicated drag handle/anchor shown next to a block. Fireeditor.e.fire('startDragElement', element, mouseEvent); the element does not need to be listed indraggableTags(the listener is registered even when that list is empty), so handles can move elements such as<pre>code blocks that are not auto-draggable.
🐛 Bug Fix
- Formatting / Selection: toggling Bold/Italic/Underline (etc.) on a collapsed cursor and then clicking in the editor lost one or more of the pending formats. The click placed the caret just before the empty marker elements, so
clean-htmlremoved them. The caret is now moved back into the innermost pending marker on click, andclean-htmlkeeps empty inline elements that hold the live caret, so the next typed character keeps every format. Fixes #1291. - History / Enter: pressing Enter while a selection was active (e.g. Ctrl+A then Enter) required two Ctrl+Z presses to undo — the first only reverted to an intermediate empty state. The delete-of-selection and the new block are now a single history transaction, so one undo restores the original content. Fixes #1292.
- Security / Config (prototype pollution):
Jodit.configure()— and the internalConfigMerge/ConfigProtohelpers — merged user-supplied options without filtering prototype-mutating keys, so a payload nested under an existing plain-object option such ascontrols(e.g.{"controls":{"__proto__":{"polluted":"yes"}}}) could reach and mutateObject.prototype(CWE-1321). Merging now rejects__proto__,constructor, andprototypeat every nesting level. Responsibly reported by Junming Wu (Dremig).
💅 Polish
- Drag and drop element: dropping a non-editable block (e.g. a
<pre>code sample) no longer leaves an invisible filler text node () next to it. Previously this stray node showed up as an extra empty line untilclean-htmlremoved it later; it is now stripped inonDropright after insertion.