Security News
ESLint is Now Language-Agnostic: Linting JSON, Markdown, and Beyond
ESLint has added JSON and Markdown linting support with new officially-supported plugins, expanding its versatility beyond JavaScript.
@ckeditor/ckeditor5-upload
Advanced tools
@ckeditor/ckeditor5-upload is a plugin for CKEditor 5 that provides file upload capabilities. It allows users to upload images and other files directly within the editor, enhancing the content creation experience.
Simple Upload Adapter
This feature allows you to configure a simple upload adapter that sends files to a specified server endpoint. The server should handle the file storage and return the URL of the uploaded file.
ClassicEditor.create(document.querySelector('#editor'), { extraPlugins: [SimpleUploadAdapter], simpleUpload: { uploadUrl: 'https://your-upload-endpoint.com/upload' } })
Base64 Upload Adapter
This feature enables the Base64 upload adapter, which converts files to Base64 strings and embeds them directly into the content. This is useful for quick prototyping or when you don't have a server-side upload handler.
ClassicEditor.create(document.querySelector('#editor'), { extraPlugins: [Base64UploadAdapter] })
Custom Upload Adapter
This feature allows you to create a custom upload adapter by defining your own upload logic. This is useful when you need more control over the upload process or need to integrate with a specific backend service.
class MyUploadAdapter { constructor(loader) { this.loader = loader; } upload() { return this.loader.file.then(file => new Promise((resolve, reject) => { const data = new FormData(); data.append('file', file); fetch('https://your-upload-endpoint.com/upload', { method: 'POST', body: data }) .then(response => response.json()) .then(result => resolve({ default: result.url })) .catch(reject); })); } } ClassicEditor.create(document.querySelector('#editor'), { extraPlugins: [function(editor) { editor.plugins.get('FileRepository').createUploadAdapter = loader => new MyUploadAdapter(loader); }] })
quill-image-uploader is a module for the Quill rich text editor that provides image upload capabilities. It allows users to upload images directly within the editor. Compared to @ckeditor/ckeditor5-upload, it is specific to the Quill editor and offers similar functionality for image uploads.
react-dropzone is a React component for handling file uploads via drag and drop. While it is not specific to any rich text editor, it can be integrated with various editors to provide file upload capabilities. It offers more flexibility in terms of how files are uploaded and handled compared to @ckeditor/ckeditor5-upload.
This package implements various file upload utilities for CKEditor 5.
See the @ckeditor/ckeditor5-upload
package page in CKEditor 5 documentation.
npm install ckeditor5
Licensed under the terms of GNU General Public License Version 2 or later. For full details about the license, please check the LICENSE.md
file or https://ckeditor.com/legal/ckeditor-oss-license.
43.1.1 (September 25, 2024)
We are happy to announce the release of CKEditor 5 v43.1.1.
During a recent internal audit, we identified a Cross-Site Scripting (XSS) vulnerability in the CKEditor 5 clipboard package (CVE-2024-45613
). This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code execution, if the attacker managed to insert malicious content into the editor, which might happen with a very specific editor configuration.
This vulnerability affects only installations where the editor configuration meets the following criteria:
You can read more details in the relevant security advisory and contact us if you have more questions.
Taking the occasion, we decided to introduce additional hardening to some parts of our codebase that introduce theoretical and unexploitable issues. Our security team confirmed that none of these issues were exploitable in a real scenario, however, we decided to fix them, in order to increase the overall security posture of our software.
Check out the Versioning policy guide for more information.
<details> <summary>Released packages (summary)</summary>Other releases:
FAQs
Upload feature for CKEditor 5.
The npm package @ckeditor/ckeditor5-upload receives a total of 368,486 weekly downloads. As such, @ckeditor/ckeditor5-upload popularity was classified as popular.
We found that @ckeditor/ckeditor5-upload demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
ESLint has added JSON and Markdown linting support with new officially-supported plugins, expanding its versatility beyond JavaScript.
Security News
Members Hub is conducting large-scale campaigns to artificially boost Discord server metrics, undermining community trust and platform integrity.
Security News
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.