@ckeditor/ckeditor5-core 43.0.0-alpha.5 → 43.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/editor/editorconfig.d.ts +50 -0
- package/dist/index.d.ts +1 -1
- package/dist/index.js.map +1 -1
- package/package.json +4 -4
- package/src/editor/editorconfig.d.ts +50 -0
- package/src/index.d.ts +1 -1
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@ckeditor/ckeditor5-core",
|
|
3
|
-
"version": "43.0.0
|
|
3
|
+
"version": "43.0.0",
|
|
4
4
|
"description": "The core architecture of CKEditor 5 – the best browser-based rich text editor.",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"wysiwyg",
|
|
@@ -24,9 +24,9 @@
|
|
|
24
24
|
"type": "module",
|
|
25
25
|
"main": "src/index.js",
|
|
26
26
|
"dependencies": {
|
|
27
|
-
"@ckeditor/ckeditor5-engine": "43.0.0
|
|
28
|
-
"@ckeditor/ckeditor5-utils": "43.0.0
|
|
29
|
-
"@ckeditor/ckeditor5-watchdog": "43.0.0
|
|
27
|
+
"@ckeditor/ckeditor5-engine": "43.0.0",
|
|
28
|
+
"@ckeditor/ckeditor5-utils": "43.0.0",
|
|
29
|
+
"@ckeditor/ckeditor5-watchdog": "43.0.0",
|
|
30
30
|
"lodash-es": "4.17.21"
|
|
31
31
|
},
|
|
32
32
|
"author": "CKSource (http://cksource.com/)",
|
|
@@ -805,6 +805,43 @@ export interface EditorConfig {
|
|
|
805
805
|
* Translations to be used in the editor.
|
|
806
806
|
*/
|
|
807
807
|
translations?: ArrayOrItem<Translations>;
|
|
808
|
+
/**
|
|
809
|
+
* Callback used to sanitize the HTML provided by the user when generating previews of it in the editor.
|
|
810
|
+
*
|
|
811
|
+
* We strongly recommend overwriting the default function to avoid XSS vulnerabilities.
|
|
812
|
+
*
|
|
813
|
+
* Read more about the security aspect of this feature in the {@glink features/html/html-embed#security "Security"} section of
|
|
814
|
+
* the {@glink features/html/html-embed HTML embed} feature guide.
|
|
815
|
+
*
|
|
816
|
+
* The function receives the input HTML (as a string), and should return an object
|
|
817
|
+
* that matches the {@link module:core/editor/editorconfig~SanitizedOutput} interface.
|
|
818
|
+
*
|
|
819
|
+
* ```ts
|
|
820
|
+
* ClassicEditor
|
|
821
|
+
* .create( editorElement, {
|
|
822
|
+
* sanitizeHtml( inputHtml ) {
|
|
823
|
+
* // Strip unsafe elements and attributes, e.g.:
|
|
824
|
+
* // the `<script>` elements and `on*` attributes.
|
|
825
|
+
* const outputHtml = sanitize( inputHtml );
|
|
826
|
+
*
|
|
827
|
+
* return {
|
|
828
|
+
* html: outputHtml,
|
|
829
|
+
* // `true` or `false` depending on whether the sanitizer stripped anything.
|
|
830
|
+
* hasChanged: inputHtml !== outputHtml
|
|
831
|
+
* };
|
|
832
|
+
* } )
|
|
833
|
+
* .then( ... )
|
|
834
|
+
* .catch( ... );
|
|
835
|
+
* ```
|
|
836
|
+
*
|
|
837
|
+
* This function is used by following features:
|
|
838
|
+
*
|
|
839
|
+
* * {@glink features/html/html-embed HTML embed}
|
|
840
|
+
* (when {@link module:html-embed/htmlembedconfig~HtmlEmbedConfig#showPreviews `showPreviews`} flag is set).
|
|
841
|
+
* * {@glink features/merge-fields Merge fields}
|
|
842
|
+
* (when {@link module:merge-fields/mergefieldsconfig~MergeFieldsConfig#previewHtmlValues `previewHtmlValues`} flag is set).
|
|
843
|
+
*/
|
|
844
|
+
sanitizeHtml?: (html: string) => SanitizedOutput;
|
|
808
845
|
}
|
|
809
846
|
/**
|
|
810
847
|
* The `config.initialData` option cannot be used together with the initial data passed as the first parameter of
|
|
@@ -945,3 +982,16 @@ export interface UiConfig {
|
|
|
945
982
|
**/
|
|
946
983
|
poweredBy?: PoweredByConfig;
|
|
947
984
|
}
|
|
985
|
+
/**
|
|
986
|
+
* An object returned by the {@link module:core/editor/editorconfig~EditorConfig#sanitizeHtml} function.
|
|
987
|
+
*/
|
|
988
|
+
export interface SanitizedOutput {
|
|
989
|
+
/**
|
|
990
|
+
* An output (safe) HTML that will be inserted into the {@glink framework/architecture/editing-engine editing view}.
|
|
991
|
+
*/
|
|
992
|
+
html: string;
|
|
993
|
+
/**
|
|
994
|
+
* A flag that indicates whether the output HTML is different than the input value.
|
|
995
|
+
*/
|
|
996
|
+
hasChanged: boolean;
|
|
997
|
+
}
|
package/src/index.d.ts
CHANGED
|
@@ -15,7 +15,7 @@ export { default as ContextPlugin, type ContextPluginDependencies } from './cont
|
|
|
15
15
|
export { type EditingKeystrokeCallback } from './editingkeystrokehandler.js';
|
|
16
16
|
export type { PartialBy, NonEmptyArray, HexColor } from './typings.js';
|
|
17
17
|
export { default as Editor, type EditorReadyEvent, type EditorDestroyEvent } from './editor/editor.js';
|
|
18
|
-
export type { EditorConfig, LanguageConfig, ToolbarConfig, ToolbarConfigItem, UiConfig } from './editor/editorconfig.js';
|
|
18
|
+
export type { EditorConfig, LanguageConfig, ToolbarConfig, ToolbarConfigItem, UiConfig, SanitizedOutput } from './editor/editorconfig.js';
|
|
19
19
|
export { default as attachToForm } from './editor/utils/attachtoform.js';
|
|
20
20
|
export { default as DataApiMixin, type DataApi } from './editor/utils/dataapimixin.js';
|
|
21
21
|
export { default as ElementApiMixin, type ElementApi } from './editor/utils/elementapimixin.js';
|