Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
ngx-quill
Advanced tools
ngx-quill is an Angular component for the Quill rich text editor. It provides a simple way to integrate Quill into Angular applications, allowing for rich text editing capabilities with a variety of customization options.
Basic Integration
This code demonstrates how to integrate the Quill editor into an Angular component using ngx-quill. The editor's content is bound to the `editorContent` variable using Angular's two-way data binding.
<quill-editor [(ngModel)]="editorContent"></quill-editor>
Custom Toolbar
This code shows how to customize the toolbar of the Quill editor. The toolbar is configured to include buttons for bold, italic, and list formatting options.
<quill-editor [modules]="{ toolbar: [['bold', 'italic'], [{ 'list': 'ordered'}, { 'list': 'bullet' }]] }"></quill-editor>
Form Integration
This example demonstrates how to integrate the Quill editor with Angular forms. The editor is bound to a form control named `editor` within a reactive form.
<form [formGroup]="form"><quill-editor formControlName="editor"></quill-editor></form>
Content Formatting
This code shows how to apply custom styles and enable syntax highlighting in the Quill editor. The editor's height is set to 200 pixels, and syntax highlighting is enabled.
<quill-editor [styles]="{ height: '200px' }" [modules]="{ syntax: true }"></quill-editor>
ngx-editor is another Angular rich text editor that provides similar functionalities to ngx-quill. It offers a simple API for integrating a rich text editor into Angular applications, with support for custom toolbars and form integration. Compared to ngx-quill, ngx-editor is more lightweight but may have fewer customization options.
angular-editor is a lightweight Angular WYSIWYG editor that provides basic rich text editing capabilities. It is easy to integrate and use, making it a good choice for simple use cases. However, it may lack some of the advanced features and customization options available in ngx-quill.
ng2-quill-editor is another Angular wrapper for the Quill editor. It offers similar functionalities to ngx-quill, including support for custom toolbars and form integration. The main difference is in the implementation and API design, which may vary slightly between the two packages.
ngx-quill is an angular (>=2) module for the Quill Rich Text Editor containing all components you need.
If you like my work, feel free to support it. Donations to the project are always welcomed :)
PayPal: PayPal.Me/bengtler
BTC Wallet Address:
3QVyr2tpRLBCw1kBQ59sTDraV6DTswq8Li
ETH Wallet Address:
0x394d44f3b6e3a4f7b4d44991e7654b0cab4af68f
LTC Wallet Address:
MFif769WSZ1g7ReAzzDE7TJVqtkFpmoTyT
quill-view
and quill-view-html
componentAngular | ngx-quill | supported |
---|---|---|
v12 | >= 14.0.0 | until Nov 11, 2022 |
v11 | >= 13.0.0 | until May 11, 2022 |
v10 | >= 12.0.0 | until Dec 24, 2021 |
npm install ngx-quill
npm install ngx-quill@1.6.0
@angular/core
, @angular/common
, @angular/forms
, @angular/platform-browser
, quill
v1.x, @types/quill
v1.x and rxjs
- peer dependencies of ngx-quillnode_modules/quill/dist
), or add them in your css/scss files with @import
statements, or add them external stylings in your build process.
@import '~quill/dist/quill.core.css';
@import '~quill/dist/quill.bubble.css';
@import '~quill/dist/quill.snow.css';
QuillModule
from ngx-quill
:import { QuillModule } from 'ngx-quill'
QuillModule
to the imports of your NgModule:@NgModule({
imports: [
...,
QuillModule.forRoot()
],
...
})
class YourModule { ... }
<quill-editor></quill-editor>
in your templates to add a default quill editorHINT: If you are using lazy loading modules, you have to add QuillModule.forRoot()
to your imports in your root module to make sure the Config
services is registered.
Nothing to do here :)
QuillJS (1.x) is directly using the document
, window
, Node
and navigator
context of the browser, when you require or import it.
To get things working in ssr you need to mock them on server side.
Change your main.server.ts
to something like
import { enableProdMode } from '@angular/core';
import { environment } from './environments/environment';
if (environment.production) {
enableProdMode();
}
// Mock all used objects and functions used by Quill
global['window'] = {}
global['document'] = {
createElement: () => ({
classList: {
toggle: () => {},
contains: () => {}
}
}),
addEventListener: () => {}
}
global['Node'] = {}
global['navigator'] = {}
export { AppServerModule } from './app/app.server.module';
export { renderModule, renderModuleFactory } from '@angular/platform-server';
The quill-editor
and quill-view
component of ngx-quill are doing the rest for you to check, if it is running on server- or browser side.
On server-side both components will not render or do anything, because they depend on QuillJS and so on the real browser environment.
Hint: Set suppressGlobalRegisterWarning: true
in the global config to suppress quilljs warnings.
If you want to render your html content of the editor for seo purposes check out the quill-view-html
component, that simply renders the html content :).
It is possible to set custom default modules and Quill config options with the import of the QuillModule.forRoot()
.
@NgModule({
imports: [
...,
QuillModule.forRoot({
modules: {
syntax: true,
toolbar: [...]
}
})
],
...
})
class YourModule { ... }
If you want to use the syntax
module follow the Syntax Highlight Module Guide.
See Quill Configuration for a full list of config options.
The QuillModule
exports the defaultModules
if you want to extend them :).
Per default when Quill.register
is called and you are overwriting an already existing module, QuillJS logs a warning. If you pass customOptions
or customModules
ngx-quill is registering those modules/options/formats for you.
In e.g. an angular univeral project your AppModule
and so QuillModule.forRoot()
is executed twice (1x server side, 1x browser). QuillJS is running in a mocked env on server side, so it is intendet that every register runs twice.
To subpress those expected warnings you can turn them off by passing suppressGlobalRegisterWarning: true
.
Ngx-quill updates the ngModel or formControl for every user
change in the editor.
Checkout the QuillJS Source parameter of the text-change
event.
If you are using the editor reference to directly manipulate the editor content and want to update the model, pass 'user'
as the source parameter to the QuillJS api methods.
html
, values: html | object | text | json
, sets the model value type - html = html string, object = quill operation object, json = quill operation json, text = plain textconst modules = {
toolbar: [
['bold', 'italic', 'underline', 'strike'], // toggled buttons
['blockquote', 'code-block'],
[{ 'header': 1 }, { 'header': 2 }], // custom button values
[{ 'list': 'ordered'}, { 'list': 'bullet' }],
[{ 'script': 'sub'}, { 'script': 'super' }], // superscript/subscript
[{ 'indent': '-1'}, { 'indent': '+1' }], // outdent/indent
[{ 'direction': 'rtl' }], // text direction
[{ 'size': ['small', false, 'large', 'huge'] }], // custom dropdown
[{ 'header': [1, 2, 3, 4, 5, 6, false] }],
[{ 'color': [] }, { 'background': [] }], // dropdown with defaults from theme
[{ 'font': [] }],
[{ 'align': [] }],
['clean'], // remove formatting button
['link', 'image', 'video'] // link and image, video
]
};
snow
false
, boolean (only for format="html")[styles]="{height: '250px'}"
Insert text here ...
document.body
, pass 'self' to attach the editor elementinvalid
and add ng-invalid
classinvalid
and add ng-invalid
class, only set invalid if editor text not empty --> if you want to check if text is required --> use the required attributefalse
[required]="true"
- default: false, boolean expected (no strings!)[quill-editor-toolbar]
:Try to not use much angular magic here, like (output)
listeners. Use native EventListeners
<quill-editor>
<div quill-editor-toolbar>
<span class="ql-formats">
<button class="ql-bold" [title]="'Bold'"></button>
</span>
<span class="ql-formats">
<select class="ql-align" [title]="'Aligment'">
<option selected></option>
<option value="center"></option>
<option value="right"></option>
<option value="justify"></option>
</select>
<select class="ql-align" [title]="'Aligment2'">
<option selected></option>
<option value="center"></option>
<option value="right"></option>
<option value="justify"></option>
</select>
</span>
</div>
</quill-editor>
top
, possible values top
, bottom
warn
, error
, log
or false
to deactivate logging, default: warn
user
(quill source user) or all
change should be trigger model update, default user
. Using all
is not recommended, it cause some unexpected sideeffects.onContentChanged
, onEditorChanged
, ngModel
and form control value changes. Improves performance (especially when working with large, >2-3 MiB Deltas), as neither editorChangeHandler
, nor textChangeHandler
handler runs internally.null
, but you can set it e.g. to empty stringeditor // Quill
{
editor: editorInstance, // Quill
html: html, // html string
text: text, // plain text string
content: content, // Content - operatins representation
delta: delta, // Delta
oldDelta: oldDelta, // Delta
source: source // ('user', 'api', 'silent' , undefined)
}
{
editor: editorInstance, // Quill
range: range, // Range
oldRange: oldRange, // Range
source: source // ('user', 'api', 'silent' , undefined)
}
{
editor: editorInstance, // Quill
event: 'text-change' // event type
html: html, // html string
text: text, // plain text string
content: content, // Content - operatins representation
delta: delta, // Delta
oldDelta: oldDelta, // Delta
source: source // ('user', 'api', 'silent' , undefined)
}
or
{
editor: editorInstance, // Quill
event: 'selection-change' // event type
range: range, // Range
oldRange: oldRange, // Range
source: source // ('user', 'api', 'silent' , undefined)
}
{
editor: editorInstance, // Quill
source: source // ('user', 'api', 'silent' , undefined)
}
{
editor: editorInstance, // Quill
source: source // ('user', 'api', 'silent' , undefined)
}
In most cases a wysiwyg editor is used in backoffice to store the content to the database. On the other side this value should be used, to show the content to the enduser.
In most cases the html
format is used, but it is not recommended by QuillJS, because it has the intention to be a solid, easy to maintain editor. Because of that it uses blots and object representations of the content and operation.
This content object is easy to store and to maintain, because there is no html syntax parsing necessary. So you even switching to another editor is very easy when you can work with that.
ngx-quill
provides some helper components, to present quilljs content.
In general QuillJS recommends to use a QuillJS instance to present your content. Just create a quill editor without a toolbar and in readonly mode. With some simple css lines you can remove the default border around the content.
As a helper ngx-quill
provides a component where you can pass many options of the quill-editor
like modules, format, formats, customOptions, but renders only the content as readonly and without a toolbar. Import is the content
input, where you can pass the editor content you want to present.
html
, values: html | object | text | json
, sets the model value type - html = html string, object = quill operation object, json = quill operation json, text = plain textsnow
warn
, error
, log
or false
to deactivate logging, default: warn
false
, boolean (only for format="html")<quill-view [content]="content" format="text" theme="snow"></quill-view>
Most of you will use the html
format (even it is not recommended). To render custom html with angular you should use the [innerHTML]
attribute.
But there are some pitfalls:
div
-tag that has the innerHTML
attribute and add the ql-editor
class. Wrap your div in another div
-tag with css classes ql-container
and your theme, e.g. ql-snow
.:<div class="ql-container ql-snow" style="border-width: 0;">
<div class="ql-editor" [innerHTML]="byPassedHTMLString">
</div>
</div>
After that your content should look like what you expected.
If you store html in your database, checkout your backend code, sometimes backends are stripping unwanted tags as well ;).
As a helper ngx-quill
provides a component where you can simply pass your html string and the component does everything for you to render it:
<quill-view-html [content]="htmlstring" theme="snow"></quill-view-html>
snow
false
, boolean (uses DomSanitizer to bypass angular html sanitation when set to false)Angular templates provide some assurance against XSS in the form of client side sanitizing of all inputs https://angular.io/guide/security#xss.
Ngx-quill components provide the input paramter sanitize
to sanitize html-strings passed as ngModel
or formControl
to the component.
It is deactivated per default to avoid stripping content or styling, which is not expected.
But it is recommended to activate this option, if you are working with html strings as model values.
FAQs
Angular components for the easy use of the QuillJS richt text editor.
The npm package ngx-quill receives a total of 100,929 weekly downloads. As such, ngx-quill popularity was classified as popular.
We found that ngx-quill demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.