@ckeditor/ckeditor5-core
Comparing version 43.1.0-alpha.7 to 43.1.0-alpha.8
@@ -813,39 +813,2 @@ /** | ||
/** | ||
* Callback used to sanitize the HTML provided by the user when generating previews of it in the editor. | ||
* | ||
* We strongly recommend overwriting the default function to avoid XSS vulnerabilities. | ||
* | ||
* Read more about the security aspect of this feature in the {@glink getting-started/setup/html-security "HTML security"} | ||
* guide. | ||
* | ||
* The function receives the input HTML (as a string), and should return an object | ||
* that matches the {@link module:core/editor/editorconfig~SanitizedOutput} interface. | ||
* | ||
* ```ts | ||
* ClassicEditor | ||
* .create( editorElement, { | ||
* sanitizeHtml( inputHtml ) { | ||
* // Strip unsafe elements and attributes, e.g.: | ||
* // the `<script>` elements and `on*` attributes. | ||
* const outputHtml = sanitize( inputHtml ); | ||
* | ||
* return { | ||
* html: outputHtml, | ||
* // `true` or `false` depending on whether the sanitizer stripped anything. | ||
* hasChanged: inputHtml !== outputHtml | ||
* }; | ||
* } ) | ||
* .then( ... ) | ||
* .catch( ... ); | ||
* ``` | ||
* | ||
* This function is used by following features: | ||
* | ||
* * {@glink features/html/html-embed HTML embed} | ||
* (when {@link module:html-embed/htmlembedconfig~HtmlEmbedConfig#showPreviews `showPreviews`} flag is set). | ||
* * {@glink features/merge-fields Merge fields} | ||
* (when {@link module:merge-fields/mergefieldsconfig~MergeFieldsConfig#previewHtmlValues `previewHtmlValues`} flag is set). | ||
*/ | ||
sanitizeHtml?: HtmlSanitizationCallback; | ||
/** | ||
* Label text for the `aria-label` attribute set on editor editing area. Used by assistive technologies | ||
@@ -1031,15 +994,1 @@ * to tell apart multiple editor instances (editing areas) on the page. If not set, a default | ||
} | ||
/** | ||
* An object returned by the {@link module:core/editor/editorconfig~EditorConfig#sanitizeHtml} function. | ||
*/ | ||
export interface SanitizedOutput { | ||
/** | ||
* An output (safe) HTML that will be inserted into the {@glink framework/architecture/editing-engine editing view}. | ||
*/ | ||
html: string; | ||
/** | ||
* A flag that indicates whether the output HTML is different than the input value. | ||
*/ | ||
hasChanged: boolean; | ||
} | ||
export type HtmlSanitizationCallback = (html: string) => SanitizedOutput; |
@@ -22,3 +22,3 @@ /** | ||
export { default as Editor, type EditorReadyEvent, type EditorDestroyEvent } from './editor/editor.js'; | ||
export type { EditorConfig, LanguageConfig, ToolbarConfig, ToolbarConfigItem, UiConfig, SanitizedOutput } from './editor/editorconfig.js'; | ||
export type { EditorConfig, LanguageConfig, ToolbarConfig, ToolbarConfigItem, UiConfig } from './editor/editorconfig.js'; | ||
export { default as attachToForm } from './editor/utils/attachtoform.js'; | ||
@@ -25,0 +25,0 @@ export { default as DataApiMixin, type DataApi } from './editor/utils/dataapimixin.js'; |
{ | ||
"name": "@ckeditor/ckeditor5-core", | ||
"version": "43.1.0-alpha.7", | ||
"version": "43.1.0-alpha.8", | ||
"description": "The core architecture of CKEditor 5 – the best browser-based rich text editor.", | ||
@@ -27,5 +27,5 @@ "keywords": [ | ||
"dependencies": { | ||
"@ckeditor/ckeditor5-engine": "43.1.0-alpha.7", | ||
"@ckeditor/ckeditor5-utils": "43.1.0-alpha.7", | ||
"@ckeditor/ckeditor5-watchdog": "43.1.0-alpha.7", | ||
"@ckeditor/ckeditor5-engine": "43.1.0-alpha.8", | ||
"@ckeditor/ckeditor5-utils": "43.1.0-alpha.8", | ||
"@ckeditor/ckeditor5-watchdog": "43.1.0-alpha.8", | ||
"lodash-es": "4.17.21" | ||
@@ -32,0 +32,0 @@ }, |
@@ -8,3 +8,3 @@ /** | ||
*/ | ||
import { Config, CKEditorError, ObservableMixin, logWarning } from '@ckeditor/ckeditor5-utils'; | ||
import { Config, CKEditorError, ObservableMixin } from '@ckeditor/ckeditor5-utils'; | ||
import { Conversion, DataController, EditingController, Model, StylesProcessor } from '@ckeditor/ckeditor5-engine'; | ||
@@ -45,2 +45,12 @@ import { ContextWatchdog, EditorWatchdog } from '@ckeditor/ckeditor5-watchdog'; | ||
super(); | ||
if ('sanitizeHtml' in config) { | ||
/** | ||
* Configuration property `config.sanitizeHtml` was removed in CKEditor version 43.1.0 and is no longer supported. | ||
* | ||
* Please use `config.htmlEmbed.sanitizeHtml` and/or `config.mergeFields.sanitizeHtml` instead. | ||
* | ||
* @error editor-config-sanitizehtml-not-supported | ||
*/ | ||
throw new CKEditorError('editor-config-sanitizehtml-not-supported'); | ||
} | ||
const constructor = this.constructor; | ||
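Review bot: The guard `if ('sanitizeHtml' in config)` inspects only the config object passed directly to the constructor, so a `sanitizeHtml` key that reaches the editor through the context-provided editor config (merged later by `this.config.define(this._context._getEditorConfig())`, outside this hunk) would presumably not be caught and would be silently accepted by `Config` even though nothing consumes it any more — worth confirming and, if so, checking that source too or documenting the limitation in the `@error` comment. The thrown error also omits the `CKEditorError` context argument that the rest of the codebase usually passes, which is what lets the watchdog attribute the crash to this editor instance; `throw new CKEditorError('editor-config-sanitizehtml-not-supported', this);` would keep that convention. The constructor this code belongs to starts before the hunk.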
@@ -61,18 +71,2 @@ // We don't pass translations to the config, because its behavior of splitting keys | ||
this.config.define(this._context._getEditorConfig()); | ||
this.config.define('sanitizeHtml', function (rawHtml) { | ||
/** | ||
* One of the editor features directly inserts unsanitized HTML code into the editor. | ||
* It is strongly recommended to define a sanitize function that will clean up the input HTML | ||
* in order to avoid XSS vulnerability. | ||
* | ||
* For a detailed overview, check the {@glink getting-started/setup/html-security "HTML security"} guide. | ||
* | ||
* @error provide-sanitize-function | ||
*/ | ||
logWarning('provide-sanitize-function'); | ||
return { | ||
html: rawHtml, | ||
hasChanged: false | ||
}; | ||
}); | ||
this.plugins = new PluginCollection(this, availablePlugins, this._context.plugins); | ||
@@ -79,0 +73,0 @@ this.locale = this._context.locale; |
@@ -809,39 +809,2 @@ /** | ||
/** | ||
* Callback used to sanitize the HTML provided by the user when generating previews of it in the editor. | ||
* | ||
* We strongly recommend overwriting the default function to avoid XSS vulnerabilities. | ||
* | ||
* Read more about the security aspect of this feature in the {@glink getting-started/setup/html-security "HTML security"} | ||
* guide. | ||
* | ||
* The function receives the input HTML (as a string), and should return an object | ||
* that matches the {@link module:core/editor/editorconfig~SanitizedOutput} interface. | ||
* | ||
* ```ts | ||
* ClassicEditor | ||
* .create( editorElement, { | ||
* sanitizeHtml( inputHtml ) { | ||
* // Strip unsafe elements and attributes, e.g.: | ||
* // the `<script>` elements and `on*` attributes. | ||
* const outputHtml = sanitize( inputHtml ); | ||
* | ||
* return { | ||
* html: outputHtml, | ||
* // `true` or `false` depending on whether the sanitizer stripped anything. | ||
* hasChanged: inputHtml !== outputHtml | ||
* }; | ||
* } ) | ||
* .then( ... ) | ||
* .catch( ... ); | ||
* ``` | ||
* | ||
* This function is used by following features: | ||
* | ||
* * {@glink features/html/html-embed HTML embed} | ||
* (when {@link module:html-embed/htmlembedconfig~HtmlEmbedConfig#showPreviews `showPreviews`} flag is set). | ||
* * {@glink features/merge-fields Merge fields} | ||
* (when {@link module:merge-fields/mergefieldsconfig~MergeFieldsConfig#previewHtmlValues `previewHtmlValues`} flag is set). | ||
*/ | ||
sanitizeHtml?: HtmlSanitizationCallback; | ||
/** | ||
* Label text for the `aria-label` attribute set on editor editing area. Used by assistive technologies | ||
@@ -1027,15 +990,1 @@ * to tell apart multiple editor instances (editing areas) on the page. If not set, a default | ||
} | ||
/** | ||
* An object returned by the {@link module:core/editor/editorconfig~EditorConfig#sanitizeHtml} function. | ||
*/ | ||
export interface SanitizedOutput { | ||
/** | ||
* An output (safe) HTML that will be inserted into the {@glink framework/architecture/editing-engine editing view}. | ||
*/ | ||
html: string; | ||
/** | ||
* A flag that indicates whether the output HTML is different than the input value. | ||
*/ | ||
hasChanged: boolean; | ||
} | ||
export type HtmlSanitizationCallback = (html: string) => SanitizedOutput; |
@@ -18,3 +18,3 @@ /** | ||
export { default as Editor, type EditorReadyEvent, type EditorDestroyEvent } from './editor/editor.js'; | ||
export type { EditorConfig, LanguageConfig, ToolbarConfig, ToolbarConfigItem, UiConfig, SanitizedOutput } from './editor/editorconfig.js'; | ||
export type { EditorConfig, LanguageConfig, ToolbarConfig, ToolbarConfigItem, UiConfig } from './editor/editorconfig.js'; | ||
export { default as attachToForm } from './editor/utils/attachtoform.js'; | ||
@@ -21,0 +21,0 @@ export { default as DataApiMixin, type DataApi } from './editor/utils/dataapimixin.js'; |
+ Added@ckeditor/ckeditor5-engine@43.1.0-alpha.8(transitive)
+ Added@ckeditor/ckeditor5-utils@43.1.0-alpha.8(transitive)
+ Added@ckeditor/ckeditor5-watchdog@43.1.0-alpha.8(transitive)
- Removed@ckeditor/ckeditor5-engine@43.1.0-alpha.7(transitive)
- Removed@ckeditor/ckeditor5-utils@43.1.0-alpha.7(transitive)
- Removed@ckeditor/ckeditor5-watchdog@43.1.0-alpha.7(transitive)