ckeditor5 1.23.3 → 1.23.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0d717a5397379dffdfd252d92c6b6f58a524430c0ae99798a46ff7f71556d3b9
-  data.tar.gz: 046715b5823ae3f38b3b2c1175fa4f1bdd5e34f9e260777dbcb714be287ec18b
+  metadata.gz: 4f7600884a50bcb68e1f98db4063a3d885f9fbd4aa62b8ac6a793b8c5c4bc4af
+  data.tar.gz: e6a4f58340359d0c6c84fbd3e6aed0ce7bfe6cab733dc70b8e6640ed399cee3f
 SHA512:
-  metadata.gz: a552a32f61e75023f913b6df8c414b9af075942b97144e10582c4cfa1955bf988de8be6f2e652618ae3640364691f20c9ae3b679f3eb2017f78d3aa740580616
-  data.tar.gz: 934d9853eb527d2f8a65ecc87e6c4fac989a0bb1133f5a3b6154ebe8aca3239199a84a801c048e6909919b76295bae3e29f6af9e60f98f2cee46cfb8167647d7
+  metadata.gz: 448bd74e867966489554bf08eb40ef2b43069ad9f2fd884aadbae94295b5fc819bdc20deceb037bcda3ed73e57c74754bc860b39ceb45ee43f5938e2a1bc457c
+  data.tar.gz: d0560e88dacdce2e9f73f2001f701077a67bf6724cbc008c844ff458e71c556b9e0c7e14406cd06b16f4fc8b322bf53cc38094b188dc08995b658674e0cd6c10

data/lib/ckeditor5/rails/assets/assets_bundle_html_serializer.rb

@@ -19,13 +19,24 @@ module CKEditor5::Rails::Assets
       @lazy = lazy
     end
 
-    def to_html
+    def to_html(nonce: nil)
       tags = [
-        WebComponentBundle.instance.to_html
+        WebComponentBundle.instance.to_html(nonce: nonce)
       ]
 
-      tags.prepend(preload_tags, styles_tags, window_scripts_tags) unless lazy
-      tags.prepend(AssetsImportMap.new(bundle).to_html) if importmap
+      unless lazy
+        tags.prepend(
+          preload_tags(nonce: nonce),
+          styles_tags(nonce: nonce),
+          window_scripts_tags(nonce: nonce)
+        )
+      end
+
+      if importmap
+        tags.prepend(
+          AssetsImportMap.new(bundle).to_html(nonce: nonce)
+        )
+      end
 
       safe_join(tags)
     end
@@ -40,34 +51,42 @@ module CKEditor5::Rails::Assets
 
     private
 
-    def window_scripts_tags
-      @window_scripts_tags ||= safe_join(bundle.scripts.filter_map do |script|
-        tag.script(src: script.url, nonce: true, crossorigin: 'anonymous') if script.window?
-      end)
+    def window_scripts_tags(nonce: nil)
+      scripts = bundle.scripts.filter_map do |script|
+        tag.script(src: script.url, nonce: nonce, crossorigin: 'anonymous') if script.window?
+      end
+
+      safe_join(scripts)
     end
 
-    def styles_tags
-      @styles_tags ||= safe_join(bundle.stylesheets.map do |url|
-        tag.link(href: url, rel: 'stylesheet', crossorigin: 'anonymous')
-      end)
+    def styles_tags(nonce: nil)
+      styles = bundle.stylesheets.map do |url|
+        tag.link(href: url, nonce: nonce, rel: 'stylesheet', crossorigin: 'anonymous')
+      end
+
+      safe_join(styles)
     end
 
-    def preload_tags
-      @preload_tags ||= safe_join(bundle.preloads.map do |preload|
+    def preload_tags(nonce: nil)
+      preloads = bundle.preloads.map do |preload|
         if preload.is_a?(Hash) && preload[:as] && preload[:href]
           tag.link(
             **preload,
+            nonce: nonce,
             crossorigin: 'anonymous'
           )
         else
           tag.link(
             href: preload,
             rel: 'preload',
+            nonce: nonce,
             as: self.class.url_resource_preload_type(preload),
             crossorigin: 'anonymous'
           )
         end
-      end)
+      end
+
+      safe_join(preloads)
     end
   end
 
@@ -90,11 +109,11 @@ module CKEditor5::Rails::Assets
       { imports: import_map }.to_json
     end
 
-    def to_html
+    def to_html(nonce: nil)
       tag.script(
         to_json.html_safe,
         type: 'importmap',
-        nonce: true
+        nonce: nonce
       )
     end
 

data/lib/ckeditor5/rails/assets/webcomponent_bundle.rb

@@ -3,54 +3,38 @@
 require 'singleton'
 require 'terser'
 
-require_relative '../editor/props_inline_plugin'
-
-module CKEditor5::Rails
-  module Assets
-    class WebComponentBundle
-      include ActionView::Helpers::TagHelper
-      include Singleton
-
-      WEBCOMPONENTS_PATH = File.join(__dir__, 'webcomponents')
-      WEBCOMPONENTS_MODULES = [
-        'utils.mjs',
-        'components/editable.mjs',
-        'components/ui-part.mjs',
-        'components/editor.mjs',
-        'components/context.mjs'
-      ].freeze
-
-      def source
-        @source ||= compress_source(raw_source)
-      end
-
-      def to_html
-        @to_html ||= tag.script(source, type: 'module', nonce: true)
-      end
-
-      private
-
-      def raw_source
-        @raw_source ||= WEBCOMPONENTS_MODULES.map do |file|
-          content = File.read(File.join(WEBCOMPONENTS_PATH, file))
-
-          if file == 'utils.mjs'
-            inject_inline_code_signatures(content)
-          else
-            content
-          end
-        end.join("\n")
-      end
-
-      def inject_inline_code_signatures(content)
-        json_signatures = Editor::InlinePluginsSignaturesRegistry.instance.to_a.to_json
-
-        content.sub('__INLINE_CODE_SIGNATURES_PLACEHOLDER__', json_signatures)
-      end
-
-      def compress_source(code)
-        Terser.new(compress: true, mangle: true).compile(code).html_safe
-      end
+module CKEditor5::Rails::Assets
+  class WebComponentBundle
+    include ActionView::Helpers::TagHelper
+    include Singleton
+
+    WEBCOMPONENTS_PATH = File.join(__dir__, 'webcomponents')
+    WEBCOMPONENTS_MODULES = [
+      'utils.mjs',
+      'components/editable.mjs',
+      'components/ui-part.mjs',
+      'components/editor.mjs',
+      'components/context.mjs'
+    ].freeze
+
+    def source
+      @source ||= compress_source(raw_source)
+    end
+
+    def to_html(nonce: nil)
+      tag.script(source, type: 'module', nonce: nonce)
+    end
+
+    private
+
+    def raw_source
+      @raw_source ||= WEBCOMPONENTS_MODULES.map do |file|
+        File.read(File.join(WEBCOMPONENTS_PATH, file))
+      end.join("\n")
+    end
+
+    def compress_source(code)
+      Terser.new(compress: true, mangle: true).compile(code).html_safe
     end
   end
 end

data/lib/ckeditor5/rails/assets/webcomponents/components/editor.mjs

@@ -568,14 +568,10 @@ class CKEditorComponent extends HTMLElement {
   }
 
   /**
-   * Gets bundle JSON description from translations attribute.
-   *
-   * **warning**: It's present only if the editor is loaded lazily.
+   * Gets bundle JSON description from translations attribute
    */
   #getBundle() {
-    return this.#bundle ||= JSON.parse(
-      this.getAttribute('bundle') || '{ "scripts": [], "stylesheets": [] }'
-    );
+    return this.#bundle ||= JSON.parse(this.getAttribute('bundle'));
   }
 
 

data/lib/ckeditor5/rails/assets/webcomponents/utils.mjs

@@ -20,22 +20,6 @@ function execIfDOMReady(callback) {
   }
 }
 
-/**
- * Verifies code signature using SHA-256 hash.
- *
- * @param {string} code - Source code to verify
- * @returns {Promise<boolean>} True if code signature is valid
- */
-async function verifyCodeSignature(code) {
-  const signature = await crypto.subtle
-      .digest('SHA-256', new TextEncoder().encode(code))
-      .then(hash => Array.from(new Uint8Array(hash))
-      .map(b => b.toString(16).padStart(2, '0'))
-      .join(''));
-
-  return __INLINE_CODE_SIGNATURES_PLACEHOLDER__.includes(signature);
-}
-
 /**
  * Dynamically imports modules based on configuration
  *
@@ -47,14 +31,10 @@ async function verifyCodeSignature(code) {
  * @param {Object} imports[].window_name - Global window object name (for external type)
  * @param {('inline'|'external')} imports[].type - Type of import
  * @returns {Promise<Array<any>>} Array of loaded modules
- * @throws {Error} When plugin loading fails or signature validation fails
+ * @throws {Error} When plugin loading fails
  */
 function loadAsyncImports(imports = []) {
   const loadInlinePlugin = async ({ name, code }) => {
-    if (!await verifyCodeSignature(code)) {
-      throw new Error(`Invalid code signature for inline plugin "${name}"!`);
-    }
-
     const module = await import(`data:text/javascript,${encodeURIComponent(code)}`);
 
     if (!module.default) {

data/lib/ckeditor5/rails/cdn/helpers.rb

@@ -99,16 +99,15 @@ module CKEditor5::Rails
 
       if importmap_available?
         @__ckeditor_context = {
-          bundle: combined_bundle,
-          lazy: true
+          bundle: combined_bundle
         }
 
-        return Assets::WebComponentBundle.instance.to_html
+        return Assets::WebComponentBundle.instance.to_html(nonce: content_security_policy_nonce)
       end
 
       safe_join([
-                  Assets::AssetsImportMap.new(combined_bundle).to_html,
-                  Assets::WebComponentBundle.instance.to_html
+                  Assets::AssetsImportMap.new(combined_bundle).to_html(nonce: content_security_policy_nonce),
+                  Assets::WebComponentBundle.instance.to_html(nonce: content_security_policy_nonce)
                 ])
     end
 
@@ -183,7 +182,7 @@ module CKEditor5::Rails
         lazy: lazy
       )
 
-      html = serializer.to_html
+      html = serializer.to_html(nonce: content_security_policy_nonce)
 
       if importmap_available?
         @__ckeditor_context[:html_tags] = html

data/lib/ckeditor5/rails/context/helpers.rb

@@ -40,8 +40,8 @@ module CKEditor5::Rails::Context
     #   <% preset = ckeditor5_context_preset do
     #     plugins :Comments, :TrackChanges, :Collaboration  # Shared functionality plugins
     #   end %>
-    def ckeditor5_context_preset(**kwargs, &block)
-      PresetBuilder.new(disallow_inline_plugins: true, **kwargs, &block)
+    def ckeditor5_context_preset(&block)
+      PresetBuilder.new(&block)
     end
   end
 end

data/lib/ckeditor5/rails/context/preset_builder.rb

@@ -38,8 +38,7 @@ module CKEditor5::Rails
       #     version '43.3.1'
       #     toolbar :bold, :italic
       #   end
-      def initialize(disallow_inline_plugins: false, &block)
-        @disallow_inline_plugins = disallow_inline_plugins
+      def initialize(&block)
         @config = {
           plugins: []
         }

data/lib/ckeditor5/rails/editor/helpers/editor_helpers.rb

@@ -56,7 +56,7 @@ module CKEditor5::Rails
     #   <%= form_for @post do |f| %>
     #     <%= f.ckeditor5 :content, required: true %>
     #   <% end %>
-    def ckeditor5_editor( # rubocop:disable Metrics/ParameterLists,Metrics/CyclomaticComplexity
+    def ckeditor5_editor( # rubocop:disable Metrics/ParameterLists
       preset: nil,
       config: nil, extra_config: {}, type: nil,
       initial_data: nil, watchdog: true,
@@ -78,9 +78,7 @@ module CKEditor5::Rails
 
       editor_props = Editor::Props.new(
         type, config,
-        # Use fallback only if there is no `ckeditor5_assets` in the head.
-        # So web-component will be loaded from the CDN.
-        bundle: context[:lazy] ? context[:bundle] : nil,
+        bundle: context[:bundle],
         watchdog: watchdog,
         editable_height: editable_height || preset.editable_height
       )
@@ -161,15 +159,13 @@ module CKEditor5::Rails
 
         return {
           bundle: create_preset_bundle(found_preset),
-          preset: found_preset,
-          lazy: true
+          preset: found_preset
         }
       end
 
       {
         bundle: nil,
-        preset: Engine.default_preset,
-        lazy: true
+        preset: Engine.default_preset
       }
     end
   end

data/lib/ckeditor5/rails/editor/props.rb

@@ -45,7 +45,7 @@ module CKEditor5::Rails::Editor
 
     def serialized_attributes
       {
-        bundle: bundle&.to_json,
+        bundle: bundle.to_json,
         plugins: serialize_plugins,
         config: serialize_config,
         watchdog: watchdog

data/lib/ckeditor5/rails/editor/props_inline_plugin.rb

@@ -1,8 +1,5 @@
 # frozen_string_literal: true
 
-require 'singleton'
-require 'digest'
-
 require_relative 'props_base_plugin'
 
 module CKEditor5::Rails::Editor
@@ -14,8 +11,6 @@ module CKEditor5::Rails::Editor
 
       @code = code
       validate_code!
-
-      InlinePluginsSignaturesRegistry.instance.register(code)
     end
 
     def to_h
@@ -37,28 +32,4 @@ module CKEditor5::Rails::Editor
             'Code must include `export default` that exports plugin definition!'
     end
   end
-
-  class InlinePluginsSignaturesRegistry
-    include Singleton
-
-    def initialize
-      @signatures = Set.new
-    end
-
-    def register(code)
-      signature = generate_signature(code)
-      @signatures.add(signature)
-      signature
-    end
-
-    def to_a
-      @signatures.to_a
-    end
-
-    private
-
-    def generate_signature(code)
-      Digest::SHA256.hexdigest(code)
-    end
-  end
 end

data/lib/ckeditor5/rails/hooks/importmap.rb

@@ -47,6 +47,7 @@ module CKEditor5::Rails::Hooks
       def merge_import_maps_json(a_json, b_json)
         a = JSON.parse(a_json)
         b = JSON.parse(b_json)
+
         a['imports'].merge!(b['imports'])
         a.to_json
       rescue JSON::ParserError => e

data/lib/ckeditor5/rails/version.rb

@@ -2,7 +2,7 @@
 
 module CKEditor5
   module Rails
-    VERSION = '1.23.3'
+    VERSION = '1.23.5'
 
     DEFAULT_CKEDITOR_VERSION = '44.1.0'
   end

data/spec/lib/ckeditor5/rails/assets/assets_bundle_hml_serializer_spec.rb

@@ -32,7 +32,7 @@ RSpec.describe CKEditor5::Rails::Assets::AssetsBundleHtmlSerializer do
   end
 
   describe '#to_html' do
-    subject(:html) { serializer.to_html }
+    subject(:html) { serializer.to_html(nonce: 'true') }
 
     it 'includes window script tags' do
       expect(html).to have_tag('script', with: {
@@ -240,7 +240,7 @@ RSpec.describe CKEditor5::Rails::Assets::AssetsImportMap do
 
   describe '#to_html' do
     it 'generates script tag with import map' do
-      html = import_map.to_html
+      html = import_map.to_html(nonce: 'true')
       expect(html).to have_tag('script', with: { type: 'importmap', nonce: 'true' }) do
         with_text('{"imports":{"@ckeditor/module":"https://cdn.com/script2.js"}}')
       end

data/spec/lib/ckeditor5/rails/cdn/helpers_spec.rb

@@ -10,6 +10,10 @@ RSpec.describe CKEditor5::Rails::Cdn::Helpers do
       def importmap_rendered?
         false
       end
+
+      def content_security_policy_nonce
+        'test-nonce'
+      end
     end
   end
 

data/spec/lib/ckeditor5/rails/context/helpers_spec.rb

@@ -107,18 +107,5 @@ RSpec.describe CKEditor5::Rails::Context::Helpers do
         preset: :custom
       )
     end
-
-    it 'raises error when trying to define inline plugin' do
-      expect do
-        helper.ckeditor5_context_preset do
-          inline_plugin :TestPlugin, <<~JS
-            export default class TestPlugin { }
-          JS
-        end
-      end.to raise_error(
-        CKEditor5::Rails::Presets::Concerns::PluginMethods::DisallowedInlinePlugin,
-        'Inline plugins are not allowed here.'
-      )
-    end
   end
 end

data/spec/lib/ckeditor5/rails/editor/helpers/editor_helpers_spec.rb

@@ -58,7 +58,6 @@ RSpec.describe CKEditor5::Rails::Editor::Helpers::Editor do
       result = helper.ckeditor5_context_or_fallback(:custom)
       expect(result).to match({
                                 bundle: 'custom-bundle',
-                                lazy: true,
                                 preset: custom_preset
                               })
     end
@@ -72,33 +71,9 @@ RSpec.describe CKEditor5::Rails::Editor::Helpers::Editor do
       result = helper.ckeditor5_context_or_fallback(nil)
       expect(result).to match({
                                 bundle: nil,
-                                lazy: true,
                                 preset: :default
                               })
     end
-
-    it 'includes lazy flag in fallback context' do
-      allow(CKEditor5::Rails::Engine).to receive(:default_preset)
-        .and_return(:default)
-
-      result = helper.ckeditor5_context_or_fallback(nil)
-      expect(result[:lazy]).to be true
-    end
-
-    it 'includes lazy flag in preset context' do
-      custom_preset = instance_double(CKEditor5::Rails::Presets::PresetBuilder)
-
-      allow(CKEditor5::Rails::Engine).to receive(:find_preset)
-        .with(:custom)
-        .and_return(custom_preset)
-
-      allow(helper).to receive(:create_preset_bundle)
-        .with(custom_preset)
-        .and_return('custom-bundle')
-
-      result = helper.ckeditor5_context_or_fallback(:custom)
-      expect(result[:lazy]).to be true
-    end
   end
 
   describe '#ckeditor5_editor' do
@@ -250,31 +225,6 @@ RSpec.describe CKEditor5::Rails::Editor::Helpers::Editor do
         expect(helper.ckeditor5_editor(editable_height: 600)).to include('editable-height="600px"')
       end
     end
-
-    context 'when using bundles' do
-      let(:bundle) { 'test-bundle' }
-      let(:context) { { preset: :default, bundle: bundle, lazy: true } }
-
-      it 'uses bundle from context when lazy is true' do
-        expect(CKEditor5::Rails::Editor::Props).to receive(:new)
-          .with(anything, anything, hash_including(bundle: bundle))
-          .and_call_original
-
-        helper.ckeditor5_editor
-      end
-
-      context 'when lazy is false' do
-        let(:context) { { preset: :default, bundle: bundle, lazy: false } }
-
-        it 'does not use bundle from context' do
-          expect(CKEditor5::Rails::Editor::Props).to receive(:new)
-            .with(anything, anything, hash_including(bundle: nil))
-            .and_call_original
-
-          helper.ckeditor5_editor
-        end
-      end
-    end
   end
 
   describe '#ckeditor5_editable' do

data/spec/lib/ckeditor5/rails/hooks/form_spec.rb

@@ -7,7 +7,11 @@ RSpec.describe CKEditor5::Rails::Hooks::Form do
     let(:post) { Post.new(content: 'Initial content') }
     let(:builder) { described_class.new(:post, post, template) }
     let(:template) do
-      ActionView::Base.new(ActionView::LookupContext.new([]), {}, nil)
+      Class.new(ActionView::Base) do
+        def content_security_policy_nonce
+          'test-nonce'
+        end
+      end.new(ActionView::LookupContext.new([]), {}, nil)
     end
 
     before do
@@ -18,10 +22,24 @@ RSpec.describe CKEditor5::Rails::Hooks::Form do
       subject(:rendered_editor) { builder.build_editor(:content) }
 
       it 'renders ckeditor element' do
+        bundle_json = {
+          scripts: [
+            {
+              import_name: 'ckeditor5',
+              url: 'https://cdn.jsdelivr.net/npm/ckeditor5@34.1.0/dist/browser/ckeditor5.js',
+              translation: false
+            }
+          ],
+          stylesheets: [
+            'https://cdn.jsdelivr.net/npm/ckeditor5@34.1.0/dist/browser/ckeditor5.css'
+          ]
+        }.to_json
+
         attrs = {
           name: 'post[content]',
           id: 'post_content',
           type: 'ClassicEditor',
+          bundle: bundle_json,
           watchdog: 'true'
         }
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ckeditor5
 version: !ruby/object:Gem::Version
-  version: 1.23.3
+  version: 1.23.5
 platform: ruby
 authors:
 - Mateusz Bagiński
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-12-19 00:00:00.000000000 Z
+date: 2024-12-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails