@ckeditor/ckeditor5-restricted-editing
Advanced tools
Restricted editing feature for CKEditor 5 editors.
@ckeditor/ckeditor5-restricted-editing is a plugin for CKEditor 5 that allows you to restrict editing to specific parts of the content. This is useful for scenarios where you want to protect certain parts of the document from being modified by users while allowing them to edit other parts.
Enable Restricted Editing Mode
This code initializes the CKEditor with the Restricted Editing Mode plugin enabled. It adds the 'restrictedEditing' button to the toolbar, allowing users to toggle the restricted editing mode.
ClassicEditor.create(document.querySelector('#editor'), { plugins: [ RestrictedEditingMode, ... ], toolbar: [ 'restrictedEditing', ... ] })Mark Editable Regions
This code marks a specific range in the document as an editable region. Users will be able to edit only within this range when the restricted editing mode is enabled.
editor.execute('restrictedEditingException', { commandParams: { range: editor.model.createRange(editor.model.createPositionAt(editor.model.document.getRoot(), 0), editor.model.createPositionAt(editor.model.document.getRoot(), 5)) } })Toggle Restricted Editing Mode
This code toggles the restricted editing mode on or off. When enabled, users can only edit the marked editable regions.
editor.execute('restrictedEditing')Quill is a modern WYSIWYG editor built for compatibility and extensibility. While it does not have a built-in restricted editing mode, it offers a modular architecture that allows developers to implement similar functionality through custom modules.
TinyMCE is a popular rich text editor that provides a wide range of features and plugins. It does not have a direct equivalent to restricted editing mode, but it offers content protection features through its premium plugins.
ProseMirror is a toolkit for building rich text editors with a focus on extensibility and customizability. Developers can create custom plugins to implement restricted editing functionality similar to @ckeditor/ckeditor5-restricted-editing.
This package implements the restricted editing feature for CKEditor 5.
Check out the demo in the restricted editing feature guide.
See the @ckeditor/ckeditor5-restricted-editing package page as well as the restricted editing feature guide in the CKEditor 5 documentation.
npm install ckeditor5
Licensed under the terms of GNU General Public License Version 2 or later. For full details about the license, please check the LICENSE.md file or https://ckeditor.com/legal/ckeditor-oss-license.
43.1.1 (September 25, 2024)
We are happy to announce the release of CKEditor 5 v43.1.1.
During a recent internal audit, we identified a Cross-Site Scripting (XSS) vulnerability in the CKEditor 5 clipboard package (CVE-2024-45613). This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code execution, if the attacker managed to insert malicious content into the editor, which might happen with a very specific editor configuration.
This vulnerability affects only installations where the editor configuration meets the following criteria:
You can read more details in the relevant security advisory and contact us if you have more questions.
Taking the occasion, we decided to introduce additional hardening to some parts of our codebase that introduce theoretical and unexploitable issues. Our security team confirmed that none of these issues were exploitable in a real scenario, however, we decided to fix them, in order to increase the overall security posture of our software.
Check out the Versioning policy guide for more information.
<details> <summary>Released packages (summary)</summary>Other releases:
FAQs
Restricted editing feature for CKEditor 5 editors.
The npm package @ckeditor/ckeditor5-restricted-editing receives a total of 173,484 weekly downloads. As such, @ckeditor/ckeditor5-restricted-editing popularity was classified as popular.
We found that @ckeditor/ckeditor5-restricted-editing demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.