tinymce-rails 7.9.1.1 → 7.9.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +1 -1
- data/app/assets/source/tinymce/tinymce.js +48 -26
- data/lib/tinymce/rails/version.rb +2 -2
- data/vendor/assets/javascripts/tinymce/notices.txt +2 -2
- data/vendor/assets/javascripts/tinymce/themes/silver/theme.js +1 -1
- data/vendor/assets/javascripts/tinymce/tinymce.d.ts +1 -0
- data/vendor/assets/javascripts/tinymce/tinymce.js +3 -4
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b265667eeaa79635f2e02fde8eb2579d21f6796c621c75de8a064bd66558092d
|
|
4
|
+
data.tar.gz: 2e1ff29553128d99b49e66985722acb42b1937c347f1ba2fe874d15bee72cb9e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2cecffda46035a1c9201bdda4c4238d4a91a5c17b355ebe234988b1213b88fa8eefc85050bf666226aafd868261e24f6b8fc2f0ee2c53c40c5252ced97c9a331
|
|
7
|
+
data.tar.gz: afb0606a8f6d8860684f6d30f0110aeca1236825099d048e30db94da26d3f86d9c1e1707ed85cd79b5de740b2a22aa31a1bdbf3a71fcb05114cf100d180f5132
|
data/README.md
CHANGED
|
@@ -6,7 +6,7 @@ The `tinymce-rails` gem integrates the [TinyMCE](https://www.tiny.cloud/) editor
|
|
|
6
6
|
This gem is compatible with Rails 5.1 and higher.
|
|
7
7
|
|
|
8
8
|
This is the branch for **TinyMCE 7**.<br />
|
|
9
|
-
Please see alternate branches for [TinyMCE 6](https://github.com/spohlenz/tinymce-rails/tree/tinymce-6), [TinyMCE 5](https://github.com/spohlenz/tinymce-rails/tree/tinymce-5), [TinyMCE 4](https://github.com/spohlenz/tinymce-rails/tree/tinymce-4) & [TinyMCE 3.5.x](https://github.com/spohlenz/tinymce-rails/tree/tinymce-3).
|
|
9
|
+
Please see the [`main`](https://github.com/spohlenz/tinymce-rails) branch for TinyMCE 8, and alternate branches for [TinyMCE 6](https://github.com/spohlenz/tinymce-rails/tree/tinymce-6), [TinyMCE 5](https://github.com/spohlenz/tinymce-rails/tree/tinymce-5), [TinyMCE 4](https://github.com/spohlenz/tinymce-rails/tree/tinymce-4) & [TinyMCE 3.5.x](https://github.com/spohlenz/tinymce-rails/tree/tinymce-3).
|
|
10
10
|
|
|
11
11
|
> [!IMPORTANT]
|
|
12
12
|
> Please note that as of version 7, TinyMCE (and therefore this project) is now licensed under the GPL.
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* TinyMCE version 7.9.
|
|
2
|
+
* TinyMCE version 7.9.2 (2026-02-11)
|
|
3
3
|
*/
|
|
4
4
|
|
|
5
5
|
(function () {
|
|
@@ -5574,7 +5574,8 @@
|
|
|
5574
5574
|
webkitMovementX: true,
|
|
5575
5575
|
webkitMovementY: true,
|
|
5576
5576
|
keyIdentifier: true,
|
|
5577
|
-
mozPressure: true
|
|
5577
|
+
mozPressure: true,
|
|
5578
|
+
mozInputSource: true,
|
|
5578
5579
|
};
|
|
5579
5580
|
// Note: We can't rely on `instanceof` here as it won't work if the event was fired from another window.
|
|
5580
5581
|
// Additionally, the constructor name might be `MouseEvent` or similar so we can't rely on the constructor name.
|
|
@@ -9976,6 +9977,11 @@
|
|
|
9976
9977
|
processor: 'boolean',
|
|
9977
9978
|
default: false
|
|
9978
9979
|
});
|
|
9980
|
+
// TINY-11900: Set to default to `true` to avoid changing existing TinyMCE 7 behaviour
|
|
9981
|
+
registerOption('allow_html_in_comments', {
|
|
9982
|
+
processor: 'boolean',
|
|
9983
|
+
default: true
|
|
9984
|
+
});
|
|
9979
9985
|
registerOption('allow_script_urls', {
|
|
9980
9986
|
processor: 'boolean',
|
|
9981
9987
|
default: false
|
|
@@ -18434,6 +18440,9 @@
|
|
|
18434
18440
|
};
|
|
18435
18441
|
};
|
|
18436
18442
|
|
|
18443
|
+
const encodeData = (data) => data.replace(/&/g, '&').replace(/</g, '<').replace(/>/g, '>');
|
|
18444
|
+
const decodeData$1 = (data) => data.replace(/</g, '<').replace(/>/g, '>').replace(/&/g, '&');
|
|
18445
|
+
|
|
18437
18446
|
const removeAttrs = (node, names) => {
|
|
18438
18447
|
each$e(names, (name) => {
|
|
18439
18448
|
node.attr(name, null);
|
|
@@ -18804,7 +18813,7 @@
|
|
|
18804
18813
|
}
|
|
18805
18814
|
};
|
|
18806
18815
|
|
|
18807
|
-
/*! @license DOMPurify 3.2.
|
|
18816
|
+
/*! @license DOMPurify 3.2.6 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/3.2.6/LICENSE */
|
|
18808
18817
|
|
|
18809
18818
|
const {
|
|
18810
18819
|
entries,
|
|
@@ -18864,6 +18873,9 @@
|
|
|
18864
18873
|
*/
|
|
18865
18874
|
function unapply(func) {
|
|
18866
18875
|
return function (thisArg) {
|
|
18876
|
+
if (thisArg instanceof RegExp) {
|
|
18877
|
+
thisArg.lastIndex = 0;
|
|
18878
|
+
}
|
|
18867
18879
|
for (var _len = arguments.length, args = new Array(_len > 1 ? _len - 1 : 0), _key = 1; _key < _len; _key++) {
|
|
18868
18880
|
args[_key - 1] = arguments[_key];
|
|
18869
18881
|
}
|
|
@@ -19005,7 +19017,7 @@
|
|
|
19005
19017
|
const TMPLIT_EXPR = seal(/\$\{[\w\W]*/gm); // eslint-disable-line unicorn/better-regex
|
|
19006
19018
|
const DATA_ATTR = seal(/^data-[\-\w.\u00B7-\uFFFF]+$/); // eslint-disable-line no-useless-escape
|
|
19007
19019
|
const ARIA_ATTR = seal(/^aria-[\-\w]+$/); // eslint-disable-line no-useless-escape
|
|
19008
|
-
const IS_ALLOWED_URI = seal(/^(?:(?:(?:f|ht)tps?|mailto|tel|callto|sms|cid|xmpp):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))/i // eslint-disable-line no-useless-escape
|
|
19020
|
+
const IS_ALLOWED_URI = seal(/^(?:(?:(?:f|ht)tps?|mailto|tel|callto|sms|cid|xmpp|matrix):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))/i // eslint-disable-line no-useless-escape
|
|
19009
19021
|
);
|
|
19010
19022
|
const IS_SCRIPT_OR_DATA = seal(/^(?:\w+script|data):/i);
|
|
19011
19023
|
const ATTR_WHITESPACE = seal(/[\u0000-\u0020\u00A0\u1680\u180E\u2000-\u2029\u205F\u3000]/g // eslint-disable-line no-control-regex
|
|
@@ -19102,7 +19114,7 @@
|
|
|
19102
19114
|
function createDOMPurify() {
|
|
19103
19115
|
let window = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : getGlobal();
|
|
19104
19116
|
const DOMPurify = root => createDOMPurify(root);
|
|
19105
|
-
DOMPurify.version = '3.2.
|
|
19117
|
+
DOMPurify.version = '3.2.6';
|
|
19106
19118
|
DOMPurify.removed = [];
|
|
19107
19119
|
if (!window || !window.document || window.document.nodeType !== NODE_TYPE.document || !window.Element) {
|
|
19108
19120
|
// Not running in a browser, provide a factory function
|
|
@@ -19341,8 +19353,8 @@
|
|
|
19341
19353
|
URI_SAFE_ATTRIBUTES = objectHasOwnProperty(cfg, 'ADD_URI_SAFE_ATTR') ? addToSet(clone(DEFAULT_URI_SAFE_ATTRIBUTES), cfg.ADD_URI_SAFE_ATTR, transformCaseFunc) : DEFAULT_URI_SAFE_ATTRIBUTES;
|
|
19342
19354
|
DATA_URI_TAGS = objectHasOwnProperty(cfg, 'ADD_DATA_URI_TAGS') ? addToSet(clone(DEFAULT_DATA_URI_TAGS), cfg.ADD_DATA_URI_TAGS, transformCaseFunc) : DEFAULT_DATA_URI_TAGS;
|
|
19343
19355
|
FORBID_CONTENTS = objectHasOwnProperty(cfg, 'FORBID_CONTENTS') ? addToSet({}, cfg.FORBID_CONTENTS, transformCaseFunc) : DEFAULT_FORBID_CONTENTS;
|
|
19344
|
-
FORBID_TAGS = objectHasOwnProperty(cfg, 'FORBID_TAGS') ? addToSet({}, cfg.FORBID_TAGS, transformCaseFunc) : {};
|
|
19345
|
-
FORBID_ATTR = objectHasOwnProperty(cfg, 'FORBID_ATTR') ? addToSet({}, cfg.FORBID_ATTR, transformCaseFunc) : {};
|
|
19356
|
+
FORBID_TAGS = objectHasOwnProperty(cfg, 'FORBID_TAGS') ? addToSet({}, cfg.FORBID_TAGS, transformCaseFunc) : clone({});
|
|
19357
|
+
FORBID_ATTR = objectHasOwnProperty(cfg, 'FORBID_ATTR') ? addToSet({}, cfg.FORBID_ATTR, transformCaseFunc) : clone({});
|
|
19346
19358
|
USE_PROFILES = objectHasOwnProperty(cfg, 'USE_PROFILES') ? cfg.USE_PROFILES : false;
|
|
19347
19359
|
ALLOW_ARIA_ATTR = cfg.ALLOW_ARIA_ATTR !== false; // Default true
|
|
19348
19360
|
ALLOW_DATA_ATTR = cfg.ALLOW_DATA_ATTR !== false; // Default true
|
|
@@ -19707,7 +19719,7 @@
|
|
|
19707
19719
|
allowedTags: ALLOWED_TAGS
|
|
19708
19720
|
});
|
|
19709
19721
|
/* Detect mXSS attempts abusing namespace confusion */
|
|
19710
|
-
if (currentNode.hasChildNodes() && !_isNode(currentNode.firstElementChild) && regExpTest(/<[/\w]/g, currentNode.innerHTML) && regExpTest(/<[/\w]/g, currentNode.textContent)) {
|
|
19722
|
+
if (SAFE_FOR_XML && currentNode.hasChildNodes() && !_isNode(currentNode.firstElementChild) && regExpTest(/<[/\w!]/g, currentNode.innerHTML) && regExpTest(/<[/\w!]/g, currentNode.textContent)) {
|
|
19711
19723
|
_forceRemove(currentNode);
|
|
19712
19724
|
return true;
|
|
19713
19725
|
}
|
|
@@ -19859,8 +19871,8 @@
|
|
|
19859
19871
|
value: attrValue
|
|
19860
19872
|
} = attr;
|
|
19861
19873
|
const lcName = transformCaseFunc(name);
|
|
19862
|
-
|
|
19863
|
-
|
|
19874
|
+
const initValue = attrValue;
|
|
19875
|
+
let value = name === 'value' ? initValue : stringTrim(initValue);
|
|
19864
19876
|
/* Execute a hook if present */
|
|
19865
19877
|
hookEvent.attrName = lcName;
|
|
19866
19878
|
hookEvent.attrValue = value;
|
|
@@ -19886,7 +19898,6 @@
|
|
|
19886
19898
|
if (hookEvent.forceKeepAttr) {
|
|
19887
19899
|
continue;
|
|
19888
19900
|
}
|
|
19889
|
-
/* Remove attribute */
|
|
19890
19901
|
/* Did the hooks approve of the attribute? */
|
|
19891
19902
|
if (!hookEvent.keepAttr) {
|
|
19892
19903
|
_removeAttribute(name, currentNode);
|
|
@@ -19940,7 +19951,9 @@
|
|
|
19940
19951
|
} else {
|
|
19941
19952
|
arrayPop(DOMPurify.removed);
|
|
19942
19953
|
}
|
|
19943
|
-
} catch (_) {
|
|
19954
|
+
} catch (_) {
|
|
19955
|
+
_removeAttribute(name, currentNode);
|
|
19956
|
+
}
|
|
19944
19957
|
}
|
|
19945
19958
|
}
|
|
19946
19959
|
/* Execute a hook if present */
|
|
@@ -20567,9 +20580,14 @@
|
|
|
20567
20580
|
var _a, _b, _c, _d;
|
|
20568
20581
|
const validate = settings.validate;
|
|
20569
20582
|
const specialElements = schema.getSpecialElements();
|
|
20570
|
-
|
|
20571
|
-
|
|
20572
|
-
node.nodeValue
|
|
20583
|
+
if (node.nodeType === COMMENT) {
|
|
20584
|
+
// Pad conditional comments if they aren't allowed
|
|
20585
|
+
if (!settings.allow_conditional_comments && /^\[if/i.test((_a = node.nodeValue) !== null && _a !== void 0 ? _a : '')) {
|
|
20586
|
+
node.nodeValue = ' ' + node.nodeValue;
|
|
20587
|
+
}
|
|
20588
|
+
if (settings.sanitize && settings.allow_html_in_comments && isString(node.nodeValue)) {
|
|
20589
|
+
node.nodeValue = encodeData(node.nodeValue);
|
|
20590
|
+
}
|
|
20573
20591
|
}
|
|
20574
20592
|
const lcTagName = (_b = evt === null || evt === void 0 ? void 0 : evt.tagName) !== null && _b !== void 0 ? _b : node.nodeName.toLowerCase();
|
|
20575
20593
|
if (scope !== 'html' && schema.isValid(scope)) {
|
|
@@ -20706,8 +20724,6 @@
|
|
|
20706
20724
|
// body is also allowed due to the DOMPurify checking the root node before sanitizing
|
|
20707
20725
|
ALLOWED_TAGS: ['#comment', '#cdata-section', 'body'],
|
|
20708
20726
|
ALLOWED_ATTR: [],
|
|
20709
|
-
// TINY-11332: New settings for dompurify 3.1.7
|
|
20710
|
-
SAFE_FOR_XML: false
|
|
20711
20727
|
};
|
|
20712
20728
|
const config = { ...basePurifyConfig };
|
|
20713
20729
|
// Set the relevant parser mimetype
|
|
@@ -20856,7 +20872,7 @@
|
|
|
20856
20872
|
* @version 3.4
|
|
20857
20873
|
*/
|
|
20858
20874
|
const makeMap = Tools.makeMap, extend$1 = Tools.extend;
|
|
20859
|
-
const transferChildren = (parent, nativeParent, specialElements, nsSanitizer) => {
|
|
20875
|
+
const transferChildren = (parent, nativeParent, specialElements, nsSanitizer, decodeComments) => {
|
|
20860
20876
|
const parentName = parent.name;
|
|
20861
20877
|
// Exclude the special elements where the content is RCDATA as their content needs to be parsed instead of being left as plain text
|
|
20862
20878
|
// See: https://html.spec.whatwg.org/multipage/parsing.html#parsing-html-fragments
|
|
@@ -20882,11 +20898,14 @@
|
|
|
20882
20898
|
child.raw = true;
|
|
20883
20899
|
}
|
|
20884
20900
|
}
|
|
20885
|
-
else if (isComment(nativeChild)
|
|
20901
|
+
else if (isComment(nativeChild)) {
|
|
20902
|
+
child.value = decodeComments ? decodeData$1(nativeChild.data) : nativeChild.data;
|
|
20903
|
+
}
|
|
20904
|
+
else if (isCData(nativeChild) || isPi(nativeChild)) {
|
|
20886
20905
|
child.value = nativeChild.data;
|
|
20887
20906
|
}
|
|
20888
20907
|
if (!isNonHtmlElementRootName(child.name)) {
|
|
20889
|
-
transferChildren(child, nativeChild, specialElements, nsSanitizer);
|
|
20908
|
+
transferChildren(child, nativeChild, specialElements, nsSanitizer, decodeComments);
|
|
20890
20909
|
}
|
|
20891
20910
|
parent.append(child);
|
|
20892
20911
|
}
|
|
@@ -21041,6 +21060,7 @@
|
|
|
21041
21060
|
validate: true,
|
|
21042
21061
|
root_name: 'body',
|
|
21043
21062
|
sanitize: true,
|
|
21063
|
+
allow_html_in_comments: true,
|
|
21044
21064
|
...settings
|
|
21045
21065
|
};
|
|
21046
21066
|
const parser = new DOMParser();
|
|
@@ -21202,7 +21222,7 @@
|
|
|
21202
21222
|
updateChildren(schema, element);
|
|
21203
21223
|
// Create the AST representation
|
|
21204
21224
|
const rootNode = new AstNode(rootName, 11);
|
|
21205
|
-
transferChildren(rootNode, element, schema.getSpecialElements(), sanitizer.sanitizeNamespaceElement);
|
|
21225
|
+
transferChildren(rootNode, element, schema.getSpecialElements(), sanitizer.sanitizeNamespaceElement, defaultedSettings.sanitize && defaultedSettings.allow_html_in_comments);
|
|
21206
21226
|
// This next line is needed to fix a memory leak in chrome and firefox.
|
|
21207
21227
|
// For more information see TINY-9186
|
|
21208
21228
|
element.innerHTML = '';
|
|
@@ -33604,13 +33624,14 @@
|
|
|
33604
33624
|
editor.on('mousedown', (e) => {
|
|
33605
33625
|
lift2(Optional.from(e.clientX), Optional.from(e.clientY), (clientX, clientY) => {
|
|
33606
33626
|
const caretPos = editor.getDoc().caretPositionFromPoint(clientX, clientY);
|
|
33607
|
-
|
|
33608
|
-
|
|
33627
|
+
const img = (caretPos === null || caretPos === void 0 ? void 0 : caretPos.offsetNode.childNodes[caretPos.offset - (caretPos.offset > 0 ? 1 : 0)]) || (caretPos === null || caretPos === void 0 ? void 0 : caretPos.offsetNode);
|
|
33628
|
+
if (img && isEditableImage(img)) {
|
|
33629
|
+
const rect = img.getBoundingClientRect();
|
|
33609
33630
|
e.preventDefault();
|
|
33610
33631
|
if (!editor.hasFocus()) {
|
|
33611
33632
|
editor.focus();
|
|
33612
33633
|
}
|
|
33613
|
-
editor.selection.select(
|
|
33634
|
+
editor.selection.select(img);
|
|
33614
33635
|
if (e.clientX < rect.left || e.clientY < rect.top) {
|
|
33615
33636
|
editor.selection.collapse(true);
|
|
33616
33637
|
}
|
|
@@ -34092,6 +34113,7 @@
|
|
|
34092
34113
|
allow_svg_data_urls: getOption('allow_svg_data_urls'),
|
|
34093
34114
|
allow_html_in_named_anchor: getOption('allow_html_in_named_anchor'),
|
|
34094
34115
|
allow_script_urls: getOption('allow_script_urls'),
|
|
34116
|
+
allow_html_in_comments: getOption('allow_html_in_comments'),
|
|
34095
34117
|
allow_mathml_annotation_encodings: getOption('allow_mathml_annotation_encodings'),
|
|
34096
34118
|
allow_unsafe_link_target: getOption('allow_unsafe_link_target'),
|
|
34097
34119
|
convert_unsafe_embeds: getOption('convert_unsafe_embeds'),
|
|
@@ -37762,14 +37784,14 @@
|
|
|
37762
37784
|
* @property minorVersion
|
|
37763
37785
|
* @type String
|
|
37764
37786
|
*/
|
|
37765
|
-
minorVersion: '9.
|
|
37787
|
+
minorVersion: '9.2',
|
|
37766
37788
|
/**
|
|
37767
37789
|
* Release date of TinyMCE build.
|
|
37768
37790
|
*
|
|
37769
37791
|
* @property releaseDate
|
|
37770
37792
|
* @type String
|
|
37771
37793
|
*/
|
|
37772
|
-
releaseDate: '
|
|
37794
|
+
releaseDate: '2026-02-11',
|
|
37773
37795
|
/**
|
|
37774
37796
|
* Collection of language pack data.
|
|
37775
37797
|
*
|
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
Below is a list of third party libraries that this software uses:
|
|
2
2
|
----------------------------------------------------------------
|
|
3
3
|
|
|
4
|
-
dompurify
|
|
4
|
+
dompurify
|
|
5
5
|
owner: Mario Heiderich
|
|
6
6
|
repo: https://github.com/cure53/DOMPurify
|
|
7
|
-
version: 3.2.
|
|
7
|
+
version: 3.2.6
|
|
8
8
|
license: MPL-2.0 OR Apache-2.0
|
|
9
9
|
|
|
10
10
|
prismjs
|