Security News
ESLint is Now Language-Agnostic: Linting JSON, Markdown, and Beyond
ESLint has added JSON and Markdown linting support with new officially-supported plugins, expanding its versatility beyond JavaScript.
@ckeditor/ckeditor5-cloud-services
Advanced tools
@ckeditor/ckeditor5-cloud-services is a package that provides cloud-based services for CKEditor 5, including real-time collaboration, image upload, and automatic save. It allows developers to integrate these features into their CKEditor 5 instances with ease.
Real-time Collaboration
This feature allows multiple users to collaborate on the same document in real-time. The code sample demonstrates how to initialize CKEditor 5 with cloud services for real-time collaboration.
const ClassicEditor = require('@ckeditor/ckeditor5-editor-classic/src/classiceditor');
const CloudServices = require('@ckeditor/ckeditor5-cloud-services/src/cloudservices');
ClassicEditor.create(document.querySelector('#editor'), {
cloudServices: {
tokenUrl: 'https://example.com/cs-token-endpoint',
uploadUrl: 'https://your-organization-id.cke-cs.com/easyimage/upload/'
}
}).then(editor => {
console.log('Editor was initialized', editor);
}).catch(error => {
console.error(error.stack);
});
Image Upload
This feature allows users to upload images to the cloud directly from the editor. The code sample shows how to configure the editor to use cloud services for image uploads.
const ClassicEditor = require('@ckeditor/ckeditor5-editor-classic/src/classiceditor');
const CloudServices = require('@ckeditor/ckeditor5-cloud-services/src/cloudservices');
ClassicEditor.create(document.querySelector('#editor'), {
cloudServices: {
tokenUrl: 'https://example.com/cs-token-endpoint',
uploadUrl: 'https://your-organization-id.cke-cs.com/easyimage/upload/'
}
}).then(editor => {
console.log('Editor was initialized', editor);
}).catch(error => {
console.error(error.stack);
});
Automatic Save
This feature enables automatic saving of the document content to the server. The code sample demonstrates how to set up automatic save functionality using cloud services.
const ClassicEditor = require('@ckeditor/ckeditor5-editor-classic/src/classiceditor');
const CloudServices = require('@ckeditor/ckeditor5-cloud-services/src/cloudservices');
ClassicEditor.create(document.querySelector('#editor'), {
cloudServices: {
tokenUrl: 'https://example.com/cs-token-endpoint',
uploadUrl: 'https://your-organization-id.cke-cs.com/easyimage/upload/'
},
autosave: {
save(editor) {
return saveData(editor.getData());
}
}
}).then(editor => {
console.log('Editor was initialized', editor);
}).catch(error => {
console.error(error.stack);
});
function saveData(data) {
// Save data to your server
console.log('Saving data', data);
}
Quill is a modern WYSIWYG editor built for compatibility and extensibility. It offers a similar real-time collaboration feature through third-party services like Pusher or Firebase. However, it does not provide built-in cloud services for image upload or automatic save.
TinyMCE is a popular rich text editor that offers a wide range of plugins for additional functionalities, including image upload and real-time collaboration. Unlike @ckeditor/ckeditor5-cloud-services, TinyMCE requires separate configuration and third-party services for real-time collaboration.
ProseMirror is a toolkit for building rich text editors with a focus on extensibility and customizability. It provides the building blocks for real-time collaboration and image upload but requires more manual setup compared to the out-of-the-box solutions provided by @ckeditor/ckeditor5-cloud-services.
CKEditor 5's Cloud Services integration layer, which handles config.cloudServices
and tokens.
See the @ckeditor/ckeditor5-cloud-services
package page in CKEditor 5 documentation.
npm install ckeditor5
Licensed under the terms of GNU General Public License Version 2 or later. For full details about the license, please check the LICENSE.md
file or https://ckeditor.com/legal/ckeditor-oss-license.
43.1.1 (September 25, 2024)
We are happy to announce the release of CKEditor 5 v43.1.1.
During a recent internal audit, we identified a Cross-Site Scripting (XSS) vulnerability in the CKEditor 5 clipboard package (CVE-2024-45613
). This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code execution, if the attacker managed to insert malicious content into the editor, which might happen with a very specific editor configuration.
This vulnerability affects only installations where the editor configuration meets the following criteria:
You can read more details in the relevant security advisory and contact us if you have more questions.
Taking the occasion, we decided to introduce additional hardening to some parts of our codebase that introduce theoretical and unexploitable issues. Our security team confirmed that none of these issues were exploitable in a real scenario, however, we decided to fix them, in order to increase the overall security posture of our software.
Check out the Versioning policy guide for more information.
<details> <summary>Released packages (summary)</summary>Other releases:
FAQs
CKEditor 5's Cloud Services integration layer.
The npm package @ckeditor/ckeditor5-cloud-services receives a total of 384,714 weekly downloads. As such, @ckeditor/ckeditor5-cloud-services popularity was classified as popular.
We found that @ckeditor/ckeditor5-cloud-services demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
ESLint has added JSON and Markdown linting support with new officially-supported plugins, expanding its versatility beyond JavaScript.
Security News
Members Hub is conducting large-scale campaigns to artificially boost Discord server metrics, undermining community trust and platform integrity.
Security News
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.