Security News
ESLint is Now Language-Agnostic: Linting JSON, Markdown, and Beyond
ESLint has added JSON and Markdown linting support with new officially-supported plugins, expanding its versatility beyond JavaScript.
@ckeditor/ckeditor5-html-embed
Advanced tools
@ckeditor/ckeditor5-html-embed is a plugin for CKEditor 5 that allows users to embed raw HTML content into the editor. This can be useful for embedding custom HTML snippets, third-party widgets, or any other HTML content that needs to be rendered within the editor.
Embedding HTML
This feature allows users to embed raw HTML content directly into the CKEditor 5 instance. The code sample demonstrates how to initialize CKEditor 5 with the HtmlEmbed plugin and add the 'htmlEmbed' button to the toolbar.
ClassicEditor.create(document.querySelector('#editor'), { plugins: [ HtmlEmbed, ... ], toolbar: [ 'htmlEmbed', ... ] })
Configuring HTML Embed
This feature allows users to configure the HTML embed functionality, such as enabling HTML previews and providing a custom HTML sanitization function. The code sample shows how to set these configurations during the editor initialization.
ClassicEditor.create(document.querySelector('#editor'), { plugins: [ HtmlEmbed, ... ], toolbar: [ 'htmlEmbed', ... ], htmlEmbed: { showPreviews: true, sanitizeHtml: (inputHtml) => { return { html: inputHtml, hasChanged: false }; } } })
Quill is a modern WYSIWYG editor built for compatibility and extensibility. It supports embedding custom HTML content through its Delta format and custom blot extensions. Compared to @ckeditor/ckeditor5-html-embed, Quill offers a different approach to embedding HTML by using its own data structure and API.
TinyMCE is a popular rich text editor that provides extensive customization options, including the ability to embed raw HTML content. It offers a similar feature set to @ckeditor/ckeditor5-html-embed but with a different API and configuration options. TinyMCE is known for its flexibility and wide range of plugins.
Froala Editor is a lightweight WYSIWYG editor with a focus on performance and user experience. It allows embedding custom HTML content through its API and supports various customization options. Compared to @ckeditor/ckeditor5-html-embed, Froala Editor provides a more streamlined and user-friendly interface.
This package implements the HTML embed feature for CKEditor 5. It allows embedding an arbitrary HTML snippet in the rich-text editor.
Check out the demo in the HTML embed feature guide.
See the @ckeditor/ckeditor5-html-embed
package page as well as the HTML embed feature guide in CKEditor 5 documentation.
npm install ckeditor5
Licensed under the terms of GNU General Public License Version 2 or later. For full details about the license, please check the LICENSE.md
file or https://ckeditor.com/legal/ckeditor-oss-license.
43.1.1 (September 25, 2024)
We are happy to announce the release of CKEditor 5 v43.1.1.
During a recent internal audit, we identified a Cross-Site Scripting (XSS) vulnerability in the CKEditor 5 clipboard package (CVE-2024-45613
). This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code execution, if the attacker managed to insert malicious content into the editor, which might happen with a very specific editor configuration.
This vulnerability affects only installations where the editor configuration meets the following criteria:
You can read more details in the relevant security advisory and contact us if you have more questions.
Taking the occasion, we decided to introduce additional hardening to some parts of our codebase that introduce theoretical and unexploitable issues. Our security team confirmed that none of these issues were exploitable in a real scenario, however, we decided to fix them, in order to increase the overall security posture of our software.
Check out the Versioning policy guide for more information.
<details> <summary>Released packages (summary)</summary>Other releases:
FAQs
HTML embed feature for CKEditor 5.
The npm package @ckeditor/ckeditor5-html-embed receives a total of 198,537 weekly downloads. As such, @ckeditor/ckeditor5-html-embed popularity was classified as popular.
We found that @ckeditor/ckeditor5-html-embed demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
ESLint has added JSON and Markdown linting support with new officially-supported plugins, expanding its versatility beyond JavaScript.
Security News
Members Hub is conducting large-scale campaigns to artificially boost Discord server metrics, undermining community trust and platform integrity.
Security News
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.