ckeditor5 1.16.0 → 1.16.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e91fe2d11179c703901756efa978fcedcd3030d0381c4e550ab8c9c15ef73a19
-  data.tar.gz: 4119948cdae51969b3d1e77801f20faecd81cfbf2755388fc444421e7da8bdb9
+  metadata.gz: 95f068ef75561d88a26a68c5aafa6e6f86b55405984e83bf35909085f288f9ba
+  data.tar.gz: d72e733641c5ac8c4f9d1e20731d54ffd2c0e4d88bc3b82618eb62b8c2820049
 SHA512:
-  metadata.gz: d4f236d5bc883344daa8fa9bc0b7d55e3898360dd8fabfd48265bbd1eedf3c654e8ba6baf5b0a1ba5ffa215c6b2c14a60c02f7182b81885a875b0a4902f67746
-  data.tar.gz: 593de9199583c1f22a38b9858967eca63b9c98eef8b7a6a1e5a06ccfa1df759424dab96ed88c1719614744b26c8a32920722156875ba748e66c80272eeb0fd78
+  metadata.gz: 31fb63fa1ac20061e1c28150178b7b8f92ca54e99073f2e180a7823d7f76f58c75a9f55e70b9a6f729d9715389b1a349305027e6d6c0c56bb2f7539d1a6bc0ad
+  data.tar.gz: 4019ffcc8e326be64930092815d5ff68436e4c242a67853adf735b4667aa7bec624df66fe9614d0f7e4bb00c67c2c0cf0e1195c43647d397b9f99ab8a0637479

data/lib/ckeditor5/rails/assets/webcomponents/components/context.mjs

@@ -12,12 +12,7 @@ class CKEditorContextComponent extends HTMLElement {
   /** @type {Set<CKEditorComponent>} */
   #connectedEditors = new Set();
 
-  /** @type {String} Attributes checksum hash */
-  #integrity = '';
-
   async connectedCallback() {
-    this.#integrity = this.getAttribute('integrity');
-
     try {
       execIfDOMReady(() => this.#initializeContext());
     } catch (error) {
@@ -57,22 +52,6 @@ class CKEditorContextComponent extends HTMLElement {
     this.#connectedEditors.delete(editor);
   }
 
-  /**
-   * Validates editor configuration integrity hash to prevent attacks.
-   */
-  async #validateIntegrity() {
-    const integrity = await calculateChecksum({
-      plugins: this.getAttribute('plugins'),
-    });
-
-    if (integrity !== this.#integrity) {
-      throw new Error(
-        'Configuration integrity check failed. It means that #integrity attributes mismatch from attributes passed to webcomponent. ' +
-        'This could be a security issue. Please check if you are passing correct attributes to the webcomponent.'
-      );
-    }
-  }
-
   /**
    * Initialize CKEditor context with shared configuration
    *
@@ -87,8 +66,6 @@ class CKEditorContextComponent extends HTMLElement {
       this.instance = null;
     }
 
-    await this.#validateIntegrity();
-
     const { Context, ContextWatchdog } = await import('ckeditor5');
     const plugins = await this.#getPlugins();
     const config = this.#getConfig();

data/lib/ckeditor5/rails/assets/webcomponents/components/editor.mjs

@@ -40,9 +40,6 @@ class CKEditorComponent extends HTMLElement {
   /** @type {String} ID of editor within context */
   #contextEditorId = null;
 
-  /** @type {String} Attributes checksum hash */
-  #integrity = '';
-
   /** @type {(event: CustomEvent) => void} Event handler for editor change */
   get oneditorchange() {
     return this.#getEventHandler('editorchange');
@@ -109,11 +106,9 @@ class CKEditorComponent extends HTMLElement {
   /**
    * Lifecycle callback when element is connected to DOM
    * Initializes the editor when DOM is ready
-   *
    * @protected
    */
   connectedCallback() {
-    this.#integrity = this.getAttribute('integrity');
     this.#context = this.closest('ckeditor-context-component');
     this.#initialHTML = this.innerHTML;
 
@@ -233,23 +228,6 @@ class CKEditorComponent extends HTMLElement {
     return resolveElementReferences(config);
   }
 
-  /**
-   * Validates editor configuration integrity hash to prevent attacks.
-   */
-  async #validateIntegrity() {
-    const integrity = await calculateChecksum({
-      translations: this.getAttribute('translations'),
-      plugins: this.getAttribute('plugins'),
-    });
-
-    if (integrity !== this.#integrity) {
-      throw new Error(
-        'Configuration integrity check failed. It means that #integrity attributes mismatch from attributes passed to webcomponent. ' +
-        'This could be a security issue. Please check if you are passing correct attributes to the webcomponent.'
-      );
-    }
-  }
-
   /**
    * Creates a new CKEditor instance
    *
@@ -259,8 +237,6 @@ class CKEditorComponent extends HTMLElement {
    * @throws {Error} When initialization fails
    */
   async #initializeEditor(editablesOrContent) {
-    await this.#validateIntegrity();
-
     const Editor = await this.#getEditorConstructor();
     const [plugins, translations] = await Promise.all([
       this.#getPlugins(),

data/lib/ckeditor5/rails/assets/webcomponents/utils.mjs

@@ -66,18 +66,16 @@ function loadAsyncImports(imports = []) {
     return imported;
   };
 
-  return Promise.all(
-    imports.map(async (item) => {
-      switch(item.type) {
-        case 'inline':
-          return loadInlinePlugin(item);
-
-        case 'external':
-        default:
-          return loadExternalPlugin(item);
-      }
-    })
-  );
+  return Promise.all(imports.map(item => {
+    switch(item.type) {
+      case 'inline':
+        return loadInlinePlugin(item);
+
+      case 'external':
+      default:
+        return loadExternalPlugin(item);
+    }
+  }));
 }
 
 /**
@@ -155,24 +153,3 @@ function resolveElementReferences(obj) {
 function uid() {
   return Math.random().toString(36).substring(2);
 }
-
-/**
- * Calculates checksum for an object.
- */
-async function calculateChecksum(obj) {
-  const objCopy = { ...obj, checksum: undefined };
-
-  return sha256(JSON.stringify(objCopy));
-}
-
-/**
- * Calculates SHA-256 hash for a string
- */
-async function sha256(str) {
-  const buffer = new TextEncoder().encode(str);
-  const hashBuffer = await crypto.subtle.digest('SHA-256', buffer);
-
-  return Array.from(new Uint8Array(hashBuffer))
-    .map(b => b.toString(16).padStart(2, '0'))
-    .join('');
-}

data/lib/ckeditor5/rails/context/props.rb

@@ -3,16 +3,14 @@
 module CKEditor5::Rails
   module Context
     class Props
-      include CKEditor5::Rails::Concerns::Checksum
-
       def initialize(config)
         @config = config
       end
 
       def to_attributes
         {
-          **serialized_attributes,
-          integrity: integrity_checksum
+          plugins: serialize_plugins,
+          config: serialize_config
         }
       end
 
@@ -20,19 +18,6 @@ module CKEditor5::Rails
 
       attr_reader :config
 
-      def integrity_checksum
-        unsafe_attributes = serialized_attributes.slice(:plugins)
-
-        calculate_object_checksum(unsafe_attributes)
-      end
-
-      def serialized_attributes
-        @serialized_attributes ||= {
-          plugins: serialize_plugins,
-          config: serialize_config
-        }
-      end
-
       def serialize_plugins
         (config[:plugins] || []).map { |plugin| Editor::PropsPlugin.normalize(plugin).to_h }.to_json
       end

data/lib/ckeditor5/rails/editor/props.rb

@@ -5,8 +5,6 @@ require_relative 'editable_height_normalizer'
 
 module CKEditor5::Rails::Editor
   class Props
-    include CKEditor5::Rails::Concerns::Checksum
-
     EDITOR_TYPES = {
       classic: 'ClassicEditor',
       inline: 'InlineEditor',
@@ -27,9 +25,8 @@ module CKEditor5::Rails::Editor
 
     def to_attributes
       {
-        **serialized_attributes,
         type: EDITOR_TYPES[@type],
-        integrity: integrity_checksum
+        **serialized_attributes
       }
     end
 
@@ -41,24 +38,14 @@ module CKEditor5::Rails::Editor
 
     attr_reader :controller_context, :watchdog, :type, :config, :editable_height
 
-    def integrity_checksum
-      unsafe_attributes = serialized_attributes.slice(:translations, :plugins)
-
-      calculate_object_checksum(unsafe_attributes)
-    end
-
     def serialized_attributes
-      return @serialized_attributes if defined?(@serialized_attributes)
-
-      attributes = {
+      {
         translations: serialize_translations,
         plugins: serialize_plugins,
         config: serialize_config,
         watchdog: watchdog
       }
-
-      attributes.merge!(editable_height ? { 'editable-height' => editable_height } : {})
-      @serialized_attributes = attributes
+        .merge(editable_height ? { 'editable-height' => editable_height } : {})
     end
 
     def serialize_translations

data/lib/ckeditor5/rails/editor/props_inline_plugin.rb

@@ -1,14 +1,11 @@
 # frozen_string_literal: true
 
-require_relative 'props_base_plugin'
-
 module CKEditor5::Rails::Editor
-  class PropsInlinePlugin < PropsBasePlugin
-    attr_reader :code
+  class PropsInlinePlugin
+    attr_reader :name, :code
 
     def initialize(name, code)
-      super(name)
-
+      @name = name
       @code = code
       validate_code!
     end

data/lib/ckeditor5/rails/editor/props_plugin.rb

@@ -1,14 +1,12 @@
 # frozen_string_literal: true
 
-require_relative 'props_base_plugin'
-
 module CKEditor5::Rails::Editor
-  class PropsPlugin < PropsBasePlugin
-    attr_reader :js_import_meta
+  class PropsPlugin
+    attr_reader :name, :js_import_meta
 
-    def initialize(name, premium: false, **js_import_meta)
-      super(name)
+    delegate :to_h, to: :import_meta
 
+    def initialize(name, premium: false, **js_import_meta)
       @name = name
       @js_import_meta = if js_import_meta.empty?
                           { import_name: premium ? 'ckeditor5-premium-features' : 'ckeditor5' }

data/lib/ckeditor5/rails/version.rb

@@ -2,7 +2,7 @@
 
 module CKEditor5
   module Rails
-    VERSION = '1.16.0'
+    VERSION = '1.16.1'
 
     DEFAULT_CKEDITOR_VERSION = '43.3.1'
   end

data/lib/ckeditor5/rails.rb

@@ -5,7 +5,6 @@ module CKEditor5
     require_relative 'rails/version'
     require_relative 'rails/version_detector'
     require_relative 'rails/semver'
-    require_relative 'rails/concerns/checksum'
     require_relative 'rails/assets/assets_bundle'
     require_relative 'rails/assets/assets_bundle_html_serializer'
     require_relative 'rails/helpers'

data/spec/lib/ckeditor5/rails/context/props_spec.rb

@@ -25,15 +25,9 @@ RSpec.describe CKEditor5::Rails::Context::Props do
   describe '#to_attributes' do
     subject(:attributes) { props.to_attributes }
 
-    it 'returns integrity property' do
-      expect(attributes[:integrity]).to eq(
-        '24e46c3ee19f6764930b38ecdf62c0ac824a0acbe6616b46199d892afb211acb'
-      )
-    end
-
     it 'returns a hash with plugins and config keys' do
       expect(attributes).to be_a(Hash)
-      expect(attributes.keys).to match_array(%i[plugins integrity config])
+      expect(attributes.keys).to match_array(%i[plugins config])
     end
 
     describe ':plugins key' do

data/spec/lib/ckeditor5/rails/editor/props_spec.rb

@@ -28,13 +28,11 @@ RSpec.describe CKEditor5::Rails::Editor::Props do
 
     it 'includes required attributes' do
       attributes = props.to_attributes
-
       expect(attributes).to include(
         type: 'ClassicEditor',
         translations: String,
         plugins: String,
         config: String,
-        integrity: '358d88b83d041f208d94ac957b2fd68135f1caab5c0d101d33cf04d5d39d81ef',
         watchdog: true
       )
     end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ckeditor5
 version: !ruby/object:Gem::Version
-  version: 1.16.0
+  version: 1.16.1
 platform: ruby
 authors:
 - Mateusz Bagiński
@@ -55,7 +55,6 @@ files:
 - lib/ckeditor5/rails/cdn/ckeditor_bundle.rb
 - lib/ckeditor5/rails/cdn/helpers.rb
 - lib/ckeditor5/rails/cdn/url_generator.rb
-- lib/ckeditor5/rails/concerns/checksum.rb
 - lib/ckeditor5/rails/context/helpers.rb
 - lib/ckeditor5/rails/context/props.rb
 - lib/ckeditor5/rails/editor/editable_height_normalizer.rb
@@ -63,7 +62,6 @@ files:
 - lib/ckeditor5/rails/editor/helpers/config_helpers.rb
 - lib/ckeditor5/rails/editor/helpers/editor_helpers.rb
 - lib/ckeditor5/rails/editor/props.rb
-- lib/ckeditor5/rails/editor/props_base_plugin.rb
 - lib/ckeditor5/rails/editor/props_inline_plugin.rb
 - lib/ckeditor5/rails/editor/props_plugin.rb
 - lib/ckeditor5/rails/engine.rb
@@ -89,13 +87,11 @@ files:
 - spec/lib/ckeditor5/rails/cdn/ckeditor_bundle_spec.rb
 - spec/lib/ckeditor5/rails/cdn/helpers_spec.rb
 - spec/lib/ckeditor5/rails/cdn/url_generator_spec.rb
-- spec/lib/ckeditor5/rails/concerns/checksum_spec.rb
 - spec/lib/ckeditor5/rails/context/helpers_spec.rb
 - spec/lib/ckeditor5/rails/context/props_spec.rb
 - spec/lib/ckeditor5/rails/editor/editable_height_normalizer_spec.rb
 - spec/lib/ckeditor5/rails/editor/helpers/config_helpers_spec.rb
 - spec/lib/ckeditor5/rails/editor/helpers/editor_helpers_spec.rb
-- spec/lib/ckeditor5/rails/editor/props_base_plugin_spec.rb
 - spec/lib/ckeditor5/rails/editor/props_inline_plugin_spec.rb
 - spec/lib/ckeditor5/rails/editor/props_plugin_spec.rb
 - spec/lib/ckeditor5/rails/editor/props_spec.rb
@@ -146,13 +142,11 @@ test_files:
 - spec/lib/ckeditor5/rails/cdn/ckeditor_bundle_spec.rb
 - spec/lib/ckeditor5/rails/cdn/helpers_spec.rb
 - spec/lib/ckeditor5/rails/cdn/url_generator_spec.rb
-- spec/lib/ckeditor5/rails/concerns/checksum_spec.rb
 - spec/lib/ckeditor5/rails/context/helpers_spec.rb
 - spec/lib/ckeditor5/rails/context/props_spec.rb
 - spec/lib/ckeditor5/rails/editor/editable_height_normalizer_spec.rb
 - spec/lib/ckeditor5/rails/editor/helpers/config_helpers_spec.rb
 - spec/lib/ckeditor5/rails/editor/helpers/editor_helpers_spec.rb
-- spec/lib/ckeditor5/rails/editor/props_base_plugin_spec.rb
 - spec/lib/ckeditor5/rails/editor/props_inline_plugin_spec.rb
 - spec/lib/ckeditor5/rails/editor/props_plugin_spec.rb
 - spec/lib/ckeditor5/rails/editor/props_spec.rb

data/lib/ckeditor5/rails/concerns/checksum.rb

@@ -1,15 +0,0 @@
-# frozen_string_literal: true
-
-require 'digest'
-require 'json'
-
-module CKEditor5::Rails::Concerns
-  module Checksum
-    private
-
-    def calculate_object_checksum(obj)
-      json = JSON.generate(obj)
-      Digest::SHA256.hexdigest(json)
-    end
-  end
-end

data/lib/ckeditor5/rails/editor/props_base_plugin.rb

@@ -1,19 +0,0 @@
-# frozen_string_literal: true
-
-module CKEditor5::Rails
-  module Editor
-    class PropsBasePlugin
-      include Concerns::Checksum
-
-      attr_reader :name
-
-      def initialize(name)
-        @name = name
-      end
-
-      def to_h
-        raise NotImplementedError, 'This method must be implemented in a subclass'
-      end
-    end
-  end
-end

data/spec/lib/ckeditor5/rails/concerns/checksum_spec.rb

@@ -1,50 +0,0 @@
-# frozen_string_literal: true
-
-require 'spec_helper'
-
-RSpec.describe CKEditor5::Rails::Concerns::Checksum do
-  let(:dummy_class) do
-    Class.new do
-      include CKEditor5::Rails::Concerns::Checksum
-
-      public :calculate_object_checksum
-    end
-  end
-
-  subject(:instance) { dummy_class.new }
-
-  describe '#calculate_object_checksum' do
-    it 'returns a 16-character string' do
-      result = instance.calculate_object_checksum({ test: 'value' })
-      expect(result).to eq(
-        'f98be16ebfa861cb39a61faff9e52b33f5bcc16bb6ae72e728d226dc07093932'
-      )
-    end
-
-    it 'returns consistent checksums for the same input' do
-      input = { name: 'test', value: 123 }
-      first_result = instance.calculate_object_checksum(input)
-      second_result = instance.calculate_object_checksum(input)
-      expect(first_result).to eq(second_result)
-    end
-
-    it 'returns different checksums for different inputs' do
-      result1 = instance.calculate_object_checksum({ a: 1 })
-      result2 = instance.calculate_object_checksum({ a: 2 })
-      expect(result1).not_to eq(result2)
-    end
-
-    it 'handles arrays' do
-      result = instance.calculate_object_checksum([1, 2, 3])
-      expect(result).to eq(
-        'a615eeaee21de5179de080de8c3052c8da901138406ba71c38c032845f7d54f4'
-      )
-    end
-
-    it 'is order dependent for hashes' do
-      result1 = instance.calculate_object_checksum({ a: 1, b: 2 })
-      result2 = instance.calculate_object_checksum({ b: 2, a: 1 })
-      expect(result1).not_to eq(result2)
-    end
-  end
-end

data/spec/lib/ckeditor5/rails/editor/props_base_plugin_spec.rb

@@ -1,27 +0,0 @@
-# frozen_string_literal: true
-
-require 'spec_helper'
-
-RSpec.describe CKEditor5::Rails::Editor::PropsBasePlugin do
-  let(:concrete_class) do
-    Class.new(described_class) do
-      def to_unsafe_h
-        { type: :test, name: name }
-      end
-    end
-  end
-
-  let(:instance) { concrete_class.new(:TestPlugin) }
-
-  describe '#initialize' do
-    it 'sets the name attribute' do
-      expect(instance.name).to eq(:TestPlugin)
-    end
-  end
-
-  describe '#to_h' do
-    it 'raises NotImplementedError' do
-      expect { instance.to_h }.to raise_error(NotImplementedError)
-    end
-  end
-end