Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

quill-paste-smart

Package Overview
Dependencies
Maintainers
1
Versions
32
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

quill-paste-smart

Quill Extension to paste only supported HTML

  • 1.4.8
  • Source
  • npm
  • Socket score
Version published
Weekly downloads
2.9K
decreased by-79.37%
Maintainers
1
Weekly downloads
 
Created
Source

Quill Paste Smart

This plugin extends the default clipboard module of Quill.js to prevent users from pasting HTML that does not belong into the editor. To do so it looks into the toolbar configuration and decides which tags and attributes are allowed based on the possible formats.
However, you can also decide on your own, what is allowed.


Installation

You can install this plugin either with npm or with yarn.
Run one of the following commands from your projects root in a bash prompt.

npm i quill-paste-smart
# or: yarn add quill-paste-smart

Usage

Since this plugin registers itself, it is sufficient to just import it.

import Quill from 'quill';
import 'quill-paste-smart';

Demos


Configuration

Out of the box this plugin will remove all HTML tags and attributes that are not available in the toolbar formats.
If you don't agree with the default settings, you can decide what is allowed by yourself.
Also I thought it could be useful to keep the pasted content selected after pasting, so there is a setting for it too.

A valid configuration could look like this:

const options = {
    theme: 'snow',
    modules: {
        clipboard: {
            allowed: {
                tags: ['a', 'b', 'strong', 'u', 's', 'i', 'p', 'br', 'ul', 'ol', 'li', 'span'],
                attributes: ['href', 'rel', 'target', 'class']
            },
            keepSelection: true,
            substituteBlockElements: true,
            magicPasteLinks: true,
            hooks: {
                uponSanitizeElement(node, data, config) {
                    console.log(node);
                },
            },
        },
    },
};
new Quill('#editor', options);

:raised_hand: Probably you don't need a custom configuration.
You could stick with the default settings by completely omit the clipboard object in your quill options.

Configuration Object
keyvalid valuesdefault valuetypedescription
allowed.tagsHTML tagsundefinedArray<string>Here you can define any HTML tag that should be allowed to be pasted. If this setting is not specified, allowed tags are determined by possible formats in the toolbar
allowed.attributesHTML attributesundefinedArray<string>Here you can define any HTML attributes that should be allowed to be pasted. If this setting is not specified, allowed attributes are determined by possible formats in the toolbar
substituteBlockElementstrue falsetrueBooleanIf this setting is set to true all forbidden block type tags will be substituted by one of the allowed tags p/div/section
keepSelectiontrue falsefalseBooleanIf this setting is set to true the pasted content will be selected after pasting it. Otherwise the cursor will be placed right after the pasted content
magicPasteLinkstrue falsefalseBooleanIf this setting is set to true pasted URLs over selected text will be converted to an a tag. Example: If you select the word foo and paste the URL https://foo.bar/ the result will be <a href="https://foo.bar/">foo</a>. Note: This only works if there is nothing pasted except a valid URL.
hooksDOMPurify HooksundefinedArray<function>Here you can define any of the DOMPurify hooks. This can be handy if you need to cusomtize the HTML sanitizer. For more information see the hook demos from DOMPurify.
BE AWARE
Here you can mess up things. E.g. You could create an infinite loop by adding not allowed tags to the node.

CommonJS

It is possible to use this module by including it though a <script> tag. Here is a full example.


<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Quill Paste Smart</title>
    <link href="https://unpkg.com/quill@latest/dist/quill.snow.css" rel="stylesheet">
</head>
<body>
    <div id="editor"></div>

    <script src="https://unpkg.com/quill@latest/dist/quill.js"></script>
    <script src="https://unpkg.com/quill-paste-smart@latest/dist/quill-paste-smart.js"></script>

    <script>
        var quill = new Quill('#editor', {
            theme: 'snow',
            modules: {
                toolbar: ['bold', 'italic', 'underline', 'link'],
            }
        });
    </script>
</body>
</html>

License

This plugin is licensed under the terms of the MIT License (See LICENSE file for details).

Keywords

FAQs

Package last updated on 05 Jul 2021

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

GitHub Removes Malicious Pull Requests Targeting Open Source Repositories

Security News

GitHub Removes Malicious Pull Requests Targeting Open Source Repositories

GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.

By Sarah Gooding  -  Nov 13, 2024
RubyGems.org Adds New Maintainer Role

Security News

RubyGems.org Adds New Maintainer Role

RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.

By Sarah Gooding  -  Nov 12, 2024
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc