@kolkov/angular-editor - npm Package Compare versions

Comparing version 3.0.3 to 3.0.4

CHANGELOG.md (+18 -0)

@@ -0,1 +1,19 @@

<a name="3.0.4"></a>
## [3.0.4](https://github.com/kolkov/angular-editor/compare/v3.0.3...v3.0.4) (2025-12-18) - Security Hotfix
### Security
* **CRITICAL:** Fixed XSS vulnerability in `toggleEditorMode()` method ([#580](https://github.com/kolkov/angular-editor/issues/580)) ([#587](https://github.com/kolkov/angular-editor/pull/587))
- XSS could execute when switching from HTML source mode back to WYSIWYG
- User-entered HTML was set via innerHTML without sanitization
- Sanitization now properly applied in both code paths
- Thanks to @MarioTesoro for finding the root cause and submitting the fix
### Note
v3.0.3 fix was incomplete - it only covered `refreshView()` but not `toggleEditorMode()`. This release provides complete XSS protection.
### Upgrade Recommendation
**IMMEDIATE UPGRADE RECOMMENDED** for all users. This release completes the security fix started in v3.0.3.
---
<a name="3.0.3"></a>
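Review bot: The "complete XSS protection" claim in the Note is broader than what the entry documents, which names only `refreshView()` (v3.0.3) and `toggleEditorMode()` (this release). Since the v3.0.3 fix already missed one `innerHTML` path, state whether the remaining `innerHTML` assignments in the editor were audited, or narrow the wording to the two methods covered. The Security section should also name the affected version range, so users can tell whether only 3.0.3 or also earlier releases are exposed through `toggleEditorMode()`.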

@@ -2,0 +20,0 @@ ## [3.0.3](https://github.com/kolkov/angular-editor/compare/v3.0.2...v3.0.3) (2025-01-22) - Security Hotfix

+1
-1
{
"name": "@kolkov/angular-editor",
"version": "3.0.3",
"version": "3.0.4",
"description": "A simple native WYSIWYG editor for Angular 20+. Rich Text editor component for Angular.",

@@ -5,0 +5,0 @@ "author": "Andrey Kolkov <a.kolkov@gmail.com>",

@@ -7,7 +7,8 @@ <p align="center">

[![npm version](https://badge.fury.io/js/%40kolkov%2Fangular-editor.svg)](https://badge.fury.io/js/%40kolkov%2Fangular-editor)
[![npm](https://img.shields.io/npm/v/@kolkov/angular-editor.svg)](https://www.npmjs.com/package/@kolkov/angular-editor)
[![CI](https://github.com/kolkov/angular-editor/actions/workflows/publish.yml/badge.svg)](https://github.com/kolkov/angular-editor/actions/workflows/publish.yml)
[![npm downloads](https://img.shields.io/npm/dm/@kolkov/angular-editor.svg)](https://www.npmjs.com/package/@kolkov/angular-editor)
[![demo](https://img.shields.io/badge/demo-StackBlitz-blueviolet.svg)](https://stackblitz.com/edit/angular-editor-wysiwyg)
[![npm](https://img.shields.io/npm/dm/@kolkov/angular-editor.svg)](https://www.npmjs.com/package/@kolkov/angular-editor)
[![](https://data.jsdelivr.com/v1/package/npm/@kolkov/angular-editor/badge?style=rounded)](https://www.jsdelivr.com/package/npm/@kolkov/angular-editor)
[![codecov](https://codecov.io/gh/kolkov/angular-editor/branch/main/graph/badge.svg)](https://codecov.io/gh/kolkov/angular-editor)
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
[![Donate](https://img.shields.io/badge/Donate-PayPal-green.svg)](https://paypal.me/AndreyKolkov)
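Review bot: The CI badge in this block targets `actions/workflows/publish.yml`, so it reports the state of the publish workflow, not a test run. If the repository has a separate test workflow, point the badge at that one, or label this badge as a publish status. The jsDelivr badge also has empty alt text (`[![](https://data.jsdelivr.com/...`); give it a label as the other badges have. The block carries two shields.io `dm` download badges (`npm downloads` and `npm`), so confirm only one of them remains in the final README.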

@@ -14,0 +15,0 @@

Sorry, the diff of this file is too big to display
