@37signals/lexxy 0.9.6-beta → 0.9.7-beta
- package/README.md +2 -2
- package/dist/lexxy.esm.js +12 -10
- package/package.json +1 -1
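--- a/package/README.md
+++ b/package/README.md
@@ -3,7 +3,7 @@
 A modern rich text editor for Rails.
 
 > [!IMPORTANT]
-> This is
+> This is a beta. It hasn't been battle-tested yet. Please try it out and report any issues you find.
 
 **[Try it out!](https://basecamp.github.io/lexxy/try-it)**
 
@@ -26,7 +26,7 @@ Visit the **[documentation site](https://basecamp.github.io/lexxy)**.
 
 ## Roadmap
 
-This is
+This is a beta. Here's what's coming next:
 
 - [x] Configurable editors in Action Text: Choose your editor like you choose your database.
 - [x] More editing features: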
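--- a/package/dist/lexxy.esm.js
+++ b/package/dist/lexxy.esm.js
@@ -72,7 +72,7 @@ DOMPurify.addHook("uponSanitizeElement", (node, data) => {
 }
 });
 
-function buildConfig(allowedElements) {
+function buildConfig(allowedElements ) {
 const tagAttributes = {};
 
 for (const element of allowedElements) {
@@ -1172,15 +1172,12 @@ var Lexxy = {
 }
 };
 
-function
-
+function setSanitizerConfig(allowedTags) {
+DOMPurify.clearConfig();
+DOMPurify.setConfig(buildConfig(allowedTags));
 }
 
-
-// Uses DOMPurify defaults to strip XSS vectors (scripts, event handlers)
-// while preserving the richer tag set that server-rendered attachment
-// content legitimately uses (e.g. <span>, <div>, <img>).
-function sanitizeAttachmentContent(html) {
+function sanitize(html) {
 return DOMPurify.sanitize(html)
 }
 
@@ -1276,7 +1273,7 @@ class CustomActionTextAttachmentNode extends DecoratorNode {
 createDOM() {
 const figure = createElement(this.tagName, { "content-type": this.contentType, "data-lexxy-decorator": true });
 
-figure.insertAdjacentHTML("beforeend",
+figure.insertAdjacentHTML("beforeend", sanitize(this.innerHtml));
 
 const deleteButton = createElement("lexxy-node-delete-button");
 figure.appendChild(deleteButton);
@@ -6734,7 +6731,7 @@ class LexicalEditorElement extends HTMLElement {
 get value() {
 if (!this.cachedValue) {
 this.editor?.getEditorState().read(() => {
-this.cachedValue = sanitize($generateHtmlFromNodes(this.editor, null)
+this.cachedValue = sanitize($generateHtmlFromNodes(this.editor, null));
 });
 }
 
@@ -6793,6 +6790,7 @@ class LexicalEditorElement extends HTMLElement {
 this.#registerFocusEvents();
 this.#attachDebugHooks();
 this.#attachToolbar();
+this.#configureSanitizer();
 this.#loadInitialValue();
 this.#resetBeforeTurboCaches();
 }
@@ -7069,6 +7067,10 @@ class LexicalEditorElement extends HTMLElement {
 }
 }
 
+#configureSanitizer() {
+setSanitizerConfig(this.#allowedElements);
+}
+
 get #allowedElements() {
 return this.#importableTags.concat(this.extensions.allowedElements)
 }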
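Review bot: `setSanitizerConfig` stores the allowlist in DOMPurify's persistent, page-wide configuration (`clearConfig()` then `setConfig(...)`), and `#configureSanitizer()` writes it from each element's own `#allowedElements`, so with several editors on one page the last one configured appears to decide what `sanitize()` permits for all of them, including the attachment markup that `createDOM()` passes to `insertAdjacentHTML`. An editor whose extensions allow more elements would then widen sanitization for a stricter editor, and a `sanitize()` call made before any editor has been configured would run on DOMPurify's defaults rather than the allowlist. Passing the configuration per call removes the shared state, e.g. `return DOMPurify.sanitize(html, buildConfig(allowedElements))` with each caller supplying its own list; if the global form is intended, `setSanitizerConfig` should carry a comment saying the config is page-wide and last-writer-wins. This file is the built bundle and the class bodies continue outside the hunks, so the change belongs in the source it is generated from.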