@ckeditor/ckeditor5-core 43.1.0-alpha.7 → 43.1.0
- package/dist/editor/editorconfig.d.ts +0 -51
- package/dist/index.d.ts +1 -1
- package/dist/index.js +10 -16
- package/dist/index.js.map +1 -1
- package/package.json +4 -4
- package/src/editor/editor.js +11 -17
- package/src/editor/editorconfig.d.ts +0 -51
- package/src/index.d.ts +1 -1
|
@@ -809,43 +809,6 @@ export interface EditorConfig {
|
|
|
809
809
|
* Translations to be used in the editor.
|
|
810
810
|
*/
|
|
811
811
|
translations?: ArrayOrItem<Translations>;
|
|
812
|
-
/**
|
|
813
|
-
* Callback used to sanitize the HTML provided by the user when generating previews of it in the editor.
|
|
814
|
-
*
|
|
815
|
-
* We strongly recommend overwriting the default function to avoid XSS vulnerabilities.
|
|
816
|
-
*
|
|
817
|
-
* Read more about the security aspect of this feature in the {@glink getting-started/setup/html-security "HTML security"}
|
|
818
|
-
* guide.
|
|
819
|
-
*
|
|
820
|
-
* The function receives the input HTML (as a string), and should return an object
|
|
821
|
-
* that matches the {@link module:core/editor/editorconfig~SanitizedOutput} interface.
|
|
822
|
-
*
|
|
823
|
-
* ```ts
|
|
824
|
-
* ClassicEditor
|
|
825
|
-
* .create( editorElement, {
|
|
826
|
-
* sanitizeHtml( inputHtml ) {
|
|
827
|
-
* // Strip unsafe elements and attributes, e.g.:
|
|
828
|
-
* // the `<script>` elements and `on*` attributes.
|
|
829
|
-
* const outputHtml = sanitize( inputHtml );
|
|
830
|
-
*
|
|
831
|
-
* return {
|
|
832
|
-
* html: outputHtml,
|
|
833
|
-
* // `true` or `false` depending on whether the sanitizer stripped anything.
|
|
834
|
-
* hasChanged: inputHtml !== outputHtml
|
|
835
|
-
* };
|
|
836
|
-
* } )
|
|
837
|
-
* .then( ... )
|
|
838
|
-
* .catch( ... );
|
|
839
|
-
* ```
|
|
840
|
-
*
|
|
841
|
-
* This function is used by following features:
|
|
842
|
-
*
|
|
843
|
-
* * {@glink features/html/html-embed HTML embed}
|
|
844
|
-
* (when {@link module:html-embed/htmlembedconfig~HtmlEmbedConfig#showPreviews `showPreviews`} flag is set).
|
|
845
|
-
* * {@glink features/merge-fields Merge fields}
|
|
846
|
-
* (when {@link module:merge-fields/mergefieldsconfig~MergeFieldsConfig#previewHtmlValues `previewHtmlValues`} flag is set).
|
|
847
|
-
*/
|
|
848
|
-
sanitizeHtml?: HtmlSanitizationCallback;
|
|
849
812
|
/**
|
|
850
813
|
* Label text for the `aria-label` attribute set on editor editing area. Used by assistive technologies
|
|
851
814
|
* to tell apart multiple editor instances (editing areas) on the page. If not set, a default
|
|
@@ -1027,17 +990,3 @@ export interface UiConfig {
|
|
|
1027
990
|
**/
|
|
1028
991
|
poweredBy?: PoweredByConfig;
|
|
1029
992
|
}
|
|
1030
|
-
/**
|
|
1031
|
-
* An object returned by the {@link module:core/editor/editorconfig~EditorConfig#sanitizeHtml} function.
|
|
1032
|
-
*/
|
|
1033
|
-
export interface SanitizedOutput {
|
|
1034
|
-
/**
|
|
1035
|
-
* An output (safe) HTML that will be inserted into the {@glink framework/architecture/editing-engine editing view}.
|
|
1036
|
-
*/
|
|
1037
|
-
html: string;
|
|
1038
|
-
/**
|
|
1039
|
-
* A flag that indicates whether the output HTML is different than the input value.
|
|
1040
|
-
*/
|
|
1041
|
-
hasChanged: boolean;
|
|
1042
|
-
}
|
|
1043
|
-
export type HtmlSanitizationCallback = (html: string) => SanitizedOutput;
|
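--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -19,7 +19,7 @@ export { default as ContextPlugin, type ContextPluginDependencies } from './cont
 export { type EditingKeystrokeCallback } from './editingkeystrokehandler.js';
 export type { PartialBy, NonEmptyArray, HexColor } from './typings.js';
 export { default as Editor, type EditorReadyEvent, type EditorDestroyEvent } from './editor/editor.js';
-export type { EditorConfig, LanguageConfig, ToolbarConfig, ToolbarConfigItem, UiConfig
+export type { EditorConfig, LanguageConfig, ToolbarConfig, ToolbarConfigItem, UiConfig } from './editor/editorconfig.js';
 export { default as attachToForm } from './editor/utils/attachtoform.js';
 export { default as DataApiMixin, type DataApi } from './editor/utils/dataapimixin.js';
 export { default as ElementApiMixin, type ElementApi } from './editor/utils/elementapimixin.js';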
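--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -2,7 +2,7 @@
 * @license Copyright (c) 2003-2024, CKSource Holding sp. z o.o. All rights reserved.
 * For licensing, see LICENSE.md or https://ckeditor.com/legal/ckeditor-oss-license
 */
-import { ObservableMixin, insertToPriorityArray, EmitterMixin, CKEditorError, Config, Locale, Collection, KeystrokeHandler,
+import { ObservableMixin, insertToPriorityArray, EmitterMixin, CKEditorError, Config, Locale, Collection, KeystrokeHandler, setDataInElement } from '@ckeditor/ckeditor5-utils/dist/index.js';
 import { Model, StylesProcessor, DataController, EditingController, Conversion } from '@ckeditor/ckeditor5-engine/dist/index.js';
 import { EditorWatchdog, ContextWatchdog } from '@ckeditor/ckeditor5-watchdog/dist/index.js';
 import { isFunction } from 'lodash-es';
@@ -1826,6 +1826,15 @@ const DEFAULT_GROUP_ID = 'common';
 * @param config The editor configuration.
 */ constructor(config = {}){
 super();
+if ('sanitizeHtml' in config) {
+/**
+* Configuration property `config.sanitizeHtml` was removed in CKEditor version 43.1.0 and is no longer supported.
+*
+* Please use `config.htmlEmbed.sanitizeHtml` and/or `config.mergeFields.sanitizeHtml` instead.
+*
+* @error editor-config-sanitizehtml-not-supported
+*/ throw new CKEditorError('editor-config-sanitizehtml-not-supported');
+}
 const constructor = this.constructor;
 // We don't pass translations to the config, because its behavior of splitting keys
 // with dots (e.g. `resize.width` => `resize: { width }`) breaks the translations.
@@ -1844,21 +1853,6 @@ const DEFAULT_GROUP_ID = 'common';
 this.config = new Config(rest, defaultConfig);
 this.config.define('plugins', availablePlugins);
 this.config.define(this._context._getEditorConfig());
-this.config.define('sanitizeHtml', function(rawHtml) {
-/**
-* One of the editor features directly inserts unsanitized HTML code into the editor.
-* It is strongly recommended to define a sanitize function that will clean up the input HTML
-* in order to avoid XSS vulnerability.
-*
-* For a detailed overview, check the {@glink getting-started/setup/html-security "HTML security"} guide.
-*
-* @error provide-sanitize-function
-*/ logWarning('provide-sanitize-function');
-return {
-html: rawHtml,
-hasChanged: false
-};
-});
 this.plugins = new PluginCollection(this, availablePlugins, this._context.plugins);
 this.locale = this._context.locale;
 this.t = this.locale.t;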
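Review bot: The new `'sanitizeHtml' in config` guard in the constructor inspects only the object passed to the constructor, while the last hunk still merges further keys through `this.config.define(this._context._getEditorConfig());`. If a deployment supplied its sanitizer through a shared context rather than the per-editor config (the context code is not visible here, so this is inferred), the key would be accepted silently and the callback never invoked, leaving HTML previews dependent on whatever default the feature plugins ship. Consider repeating the check after the context merge, for example `if (this.config.get('sanitizeHtml') !== undefined) throw new CKEditorError('editor-config-sanitizehtml-not-supported');`, so a stale sanitizer setting fails loudly on every path. The constructor body starts and ends outside these hunks.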