
Take control over what external links and embedded media are permitted in the Trix editor via copy/paste.

Install the Ruby gem, then add the npm package at the same version the gem reports:

```shell
bundle add trix_embed
yarn add trix-embed@$(bundle show trix_embed | ruby -ne 'puts $_.split(/-/).last')
```
Register the library with your Stimulus application, passing it the Stimulus `Controller` class and `Trix`:

```javascript
import Trix from 'trix'
import "@rails/actiontext"
import { Application, Controller } from '@hotwired/stimulus'
import TrixEmbed from 'trix-embed'

const application = Application.start()
TrixEmbed.initialize({ application, Controller, Trix })
```
Configure allow and/or block lists for external links and embedded media in your Trix editors. Each list is a JSON array of hostnames passed as a Stimulus value attribute on the `trix-editor` element.
⚠︎ Block lists have precedence! A host that appears on both an allow list and a block list is blocked.
Note that you can also use the wildcard * in any of the lists.
TODO: document...
Allow everything

```html
<form>
  <input id="content" name="content" type="hidden">
  <trix-editor id="editor" input="content"
    data-controller="trix-embed"
    data-trix-embed-allowed-link-hosts-value='["*"]'
    data-trix-embed-allowed-media-hosts-value='["*"]'>
  </trix-editor>
</form>
```
Allow links to all hosts and allow media (images, videos, etc.) from the following hosts: vimeo.com, voomly.com, youtube.com

```html
<form>
  <input id="content" name="content" type="hidden">
  <trix-editor id="editor" input="content"
    data-controller="trix-embed"
    data-trix-embed-allowed-link-hosts-value='["*"]'
    data-trix-embed-allowed-media-hosts-value='["vimeo.com", "voomly.com", "youtube.com"]'>
  </trix-editor>
</form>
```
Block everything

```html
<form>
  <input id="content" name="content" type="hidden">
  <trix-editor id="editor" input="content"
    data-controller="trix-embed"
    data-trix-embed-blocked-link-hosts-value='["*"]'
    data-trix-embed-blocked-media-hosts-value='["*"]'>
  </trix-editor>
</form>
```
...or, since everything is blocked by default, simply omit the value attributes:

```html
<form>
  <input id="content" name="content" type="hidden">
  <trix-editor id="editor" input="content" data-controller="trix-embed">
  </trix-editor>
</form>
```
Block links to the following hosts: 4chan.org, 8chan.net, thepiratebay.org
and block media (images, videos, etc.) from the following hosts: deviantart.com, imgur.com, tumblr.com

```html
<form>
  <input id="content" name="content" type="hidden">
  <trix-editor id="editor" input="content"
    data-controller="trix-embed"
    data-trix-embed-blocked-link-hosts-value='["4chan.org", "8chan.net", "thepiratebay.org"]'
    data-trix-embed-blocked-media-hosts-value='["deviantart.com", "imgur.com", "tumblr.com"]'>
  </trix-editor>
</form>
```
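As an added illustration (not trix-embed's own code; this page does not show the library's matching internals), the following JavaScript models the policy semantics stated in the configuration section and exercised by the examples above: block lists take precedence over allow lists, `*` is a wildcard, a host on neither list is rejected, and only http/https URLs are considered at all. The function names (`buildPolicy`, `isPermitted`, `evaluatePastes`), the constructed sample URLs, and the exact-match treatment of hostnames without a wildcard are assumptions of this example; check how the library itself treats subdomains (for instance whether `youtube.com` covers `www.youtube.com`) before relying on a bare hostname in production.

```javascript
// Added example, not trix-embed's code. Models the README's allow/block host rules.

// Turn a host pattern such as "*" or "*.youtube.com" into an anchored, case-insensitive RegExp.
// Everything except "*" is matched literally.
function patternToRegExp(pattern) {
  const escaped = pattern
    .split('*')
    .map(part => part.replace(/[.+?^${}()|[\]\\]/g, '\\$&'))
    .join('.*');
  return new RegExp(`^${escaped}$`, 'i');
}

function hostMatches(host, patterns) {
  return patterns.some(p => patternToRegExp(p).test(host));
}

// Same four lists the data-trix-embed-*-hosts-value attributes carry (hypothetical helper).
function buildPolicy({
  allowedLinkHosts = [],
  blockedLinkHosts = [],
  allowedMediaHosts = [],
  blockedMediaHosts = [],
} = {}) {
  return { allowedLinkHosts, blockedLinkHosts, allowedMediaHosts, blockedMediaHosts };
}

// Decide whether a pasted URL may be kept as a link (kind = "link") or embedded (kind = "media").
// Returns { permitted, reason } so a caller can log why content was stripped.
function isPermitted(policy, url, kind) {
  let host;
  try {
    const parsed = new URL(url);
    // javascript:, data: and similar schemes have no host worth consulting a list for.
    if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
      return { permitted: false, reason: `unsupported scheme ${parsed.protocol}` };
    }
    host = parsed.hostname;
  } catch {
    return { permitted: false, reason: 'unparseable URL' };
  }
  const allowed = kind === 'media' ? policy.allowedMediaHosts : policy.allowedLinkHosts;
  const blocked = kind === 'media' ? policy.blockedMediaHosts : policy.blockedLinkHosts;
  // Block list wins, then allow list; anything left over is denied (block-by-default).
  if (hostMatches(host, blocked)) return { permitted: false, reason: `host ${host} is blocked` };
  if (hostMatches(host, allowed)) return { permitted: true, reason: `host ${host} is allowed` };
  return { permitted: false, reason: `host ${host} is not on the allow list` };
}

// Constructed sample pastes (not real content from the page).
const SAMPLE_PASTES = [
  { url: 'https://example.org/article', kind: 'link' },
  { url: 'https://youtube.com/watch?v=placeholder', kind: 'media' },
  { url: 'https://imgur.com/placeholder.png', kind: 'media' },
  { url: 'https://thepiratebay.org/', kind: 'link' },
  { url: 'javascript:alert(1)', kind: 'link' },
];

// Run every paste through the policy; returns a map of url -> decision.
function evaluatePastes(policy, pastes = SAMPLE_PASTES) {
  const results = {};
  for (const { url, kind } of pastes) {
    results[url] = isPermitted(policy, url, kind);
  }
  return results;
}

// Policy matching the "allow all links, media only from three hosts" example,
// with thepiratebay.org additionally blocked to show precedence.
const examplePolicy = buildPolicy({
  allowedLinkHosts: ['*'],
  blockedLinkHosts: ['thepiratebay.org'],
  allowedMediaHosts: ['vimeo.com', 'voomly.com', 'youtube.com'],
});

for (const [url, decision] of Object.entries(evaluatePastes(examplePolicy))) {
  console.log(`${decision.permitted ? 'KEEP ' : 'STRIP'} ${url}: ${decision.reason}`);
}
```

The `javascript:` case is the one to notice: it is rejected before any list is consulted, because a host list only protects you if the URL actually has a host. When debugging why pasted content disappears, log the `reason` field rather than just the boolean.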
To work on the library locally, clone the repository and start the dev server:

```shell
git clone https://github.com/hopsoft/trix_embed.git
cd trix_embed
bin/dev
```

Release procedure:

1. Update the version in lib/trix_embed/version.rb. Pre-release versions use .preN.
2. Update the version in package.json (make sure it matches). Pre-release versions use -preN.
3. Run yarn and bundle to pick up the latest changes.
4. yarn build - builds both the Ruby gem and the NPM package.
5. rake release
6. yarn publish --no-git-tag-version --access public --new-version X.X.X (use the same version number)

The gem is available as open source under the terms of the MIT License.
We found that trix-embed demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.