@ckeditor/ckeditor5-html-support 47.6.0-alpha.8 → 47.6.0-alpha.9

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ckeditor/ckeditor5-html-support",
-  "version": "47.6.0-alpha.8",
+  "version": "47.6.0-alpha.9",
   "description": "HTML Support feature for CKEditor 5.",
   "keywords": [
     "ckeditor",
@@ -17,17 +17,17 @@
   "type": "module",
   "main": "src/index.js",
   "dependencies": {
-    "@ckeditor/ckeditor5-core": "47.6.0-alpha.8",
-    "@ckeditor/ckeditor5-engine": "47.6.0-alpha.8",
-    "@ckeditor/ckeditor5-enter": "47.6.0-alpha.8",
-    "@ckeditor/ckeditor5-heading": "47.6.0-alpha.8",
-    "@ckeditor/ckeditor5-image": "47.6.0-alpha.8",
-    "@ckeditor/ckeditor5-list": "47.6.0-alpha.8",
-    "@ckeditor/ckeditor5-remove-format": "47.6.0-alpha.8",
-    "@ckeditor/ckeditor5-table": "47.6.0-alpha.8",
-    "@ckeditor/ckeditor5-utils": "47.6.0-alpha.8",
-    "@ckeditor/ckeditor5-widget": "47.6.0-alpha.8",
-    "ckeditor5": "47.6.0-alpha.8",
+    "@ckeditor/ckeditor5-core": "47.6.0-alpha.9",
+    "@ckeditor/ckeditor5-engine": "47.6.0-alpha.9",
+    "@ckeditor/ckeditor5-enter": "47.6.0-alpha.9",
+    "@ckeditor/ckeditor5-heading": "47.6.0-alpha.9",
+    "@ckeditor/ckeditor5-image": "47.6.0-alpha.9",
+    "@ckeditor/ckeditor5-list": "47.6.0-alpha.9",
+    "@ckeditor/ckeditor5-remove-format": "47.6.0-alpha.9",
+    "@ckeditor/ckeditor5-table": "47.6.0-alpha.9",
+    "@ckeditor/ckeditor5-utils": "47.6.0-alpha.9",
+    "@ckeditor/ckeditor5-widget": "47.6.0-alpha.9",
+    "ckeditor5": "47.6.0-alpha.9",
     "es-toolkit": "1.39.5"
   },
   "author": "CKSource (http://cksource.com/)",

package/src/generalhtmlsupport.d.ts

@@ -18,6 +18,7 @@ import { TableElementSupport } from './integrations/table.js';
 import { StyleElementSupport } from './integrations/style.js';
 import { ListElementSupport } from './integrations/list.js';
 import { HorizontalLineElementSupport } from './integrations/horizontalline.js';
+import { IframeElementSupport } from './integrations/iframe.js';
 import { CustomElementSupport } from './integrations/customelement.js';
 import type { ModelSelectable } from 'ckeditor5/src/engine.js';
 /**
@@ -38,7 +39,7 @@ export declare class GeneralHtmlSupport extends Plugin {
     /**
      * @inheritDoc
      */
-    static get requires(): readonly [typeof DataFilter, typeof CodeBlockElementSupport, typeof DualContentModelElementSupport, typeof HeadingElementSupport, typeof ImageElementSupport, typeof MediaEmbedElementSupport, typeof ScriptElementSupport, typeof TableElementSupport, typeof StyleElementSupport, typeof ListElementSupport, typeof HorizontalLineElementSupport, typeof CustomElementSupport];
+    static get requires(): readonly [typeof DataFilter, typeof CodeBlockElementSupport, typeof DualContentModelElementSupport, typeof HeadingElementSupport, typeof ImageElementSupport, typeof MediaEmbedElementSupport, typeof ScriptElementSupport, typeof TableElementSupport, typeof StyleElementSupport, typeof ListElementSupport, typeof HorizontalLineElementSupport, typeof IframeElementSupport, typeof CustomElementSupport];
     /**
      * @inheritDoc
      */

package/src/generalhtmlsupport.js

@@ -18,6 +18,7 @@ import { TableElementSupport } from './integrations/table.js';
 import { StyleElementSupport } from './integrations/style.js';
 import { ListElementSupport } from './integrations/list.js';
 import { HorizontalLineElementSupport } from './integrations/horizontalline.js';
+import { IframeElementSupport } from './integrations/iframe.js';
 import { CustomElementSupport } from './integrations/customelement.js';
 import { getHtmlAttributeName, modifyGhsAttribute, removeFormatting } from './utils.js';
 /**
@@ -55,6 +56,7 @@ export class GeneralHtmlSupport extends Plugin {
             StyleElementSupport,
             ListElementSupport,
             HorizontalLineElementSupport,
+            IframeElementSupport,
             CustomElementSupport
         ];
     }

package/src/generalhtmlsupportconfig.d.ts

@@ -102,6 +102,40 @@ export interface GeneralHtmlSupportConfig {
      * ```
      */
     fullPage?: GHSFullPageConfig;
+    /**
+     * Controls the `sandbox` attribute on iframe elements by specifying allowed sandbox flags.
+     *
+     * **Note:** This option only affects the editing view and does not modify the data output.
+     *
+     * When set to `false`:
+     *
+     * * The sandbox attribute will not be modified or added to iframe elements.
+     *
+     * When set to `true`:
+     *
+     * * All restrictions are enforced by adding an empty `sandbox` attribute to iframe elements.
+     *
+     * When set to an array of strings:
+     *
+     * * Only the specified sandbox flags will be preserved on iframe elements.
+     * * Any sandbox flags not in the list will be automatically removed.
+     * * If an empty array is provided, the `sandbox` attribute will be added with no flags (enforcing all restrictions).
+     *
+     * ```ts
+     * ClassicEditor
+     * 	.create( {
+     * 		htmlSupport: {
+     * 			// All restrictions are enforced (empty sandbox attribute).
+     * 			htmlIframeSandbox: true
+     * 		}
+     * 	} )
+     * 	.then( ... )
+     * 	.catch( ... );
+     * ```
+     *
+     * @default true
+     */
+    htmlIframeSandbox?: boolean | Array<string>;
 }
 /**
  * The configuration of the Full page editing feature.

package/src/index.d.ts

@@ -23,6 +23,7 @@ export { MediaEmbedElementSupport } from './integrations/mediaembed.js';
 export { ScriptElementSupport } from './integrations/script.js';
 export { StyleElementSupport } from './integrations/style.js';
 export { TableElementSupport } from './integrations/table.js';
+export { IframeElementSupport } from './integrations/iframe.js';
 export { HorizontalLineElementSupport } from './integrations/horizontalline.js';
 export { viewToModelObjectConverter as _viewToModelObjectContentHtmlSupportConverter, toObjectWidgetConverter as _toObjectWidgetHtmlSupportConverter, createObjectView as _createObjectHtmlSupportView, viewToAttributeInlineConverter as _viewToAttributeInlineHtmlSupportConverter, emptyInlineModelElementToViewConverter as _emptyInlineModelElementToViewHtmlSupportConverter, attributeToViewInlineConverter as _attributeToInlineHtmlSupportConverter, viewToModelBlockAttributeConverter as _viewToModelBlockAttributeHtmlSupportConverter, modelToViewBlockAttributeConverter as _modelToViewBlockAttributeHtmlSupportConverter } from './converters.js';
 export { getDescendantElement as _getHtmlSupportDescendantElement } from './integrations/integrationutils.js';

package/src/index.js

@@ -22,6 +22,7 @@ export { MediaEmbedElementSupport } from './integrations/mediaembed.js';
 export { ScriptElementSupport } from './integrations/script.js';
 export { StyleElementSupport } from './integrations/style.js';
 export { TableElementSupport } from './integrations/table.js';
+export { IframeElementSupport } from './integrations/iframe.js';
 export { HorizontalLineElementSupport } from './integrations/horizontalline.js';
 export { viewToModelObjectConverter as _viewToModelObjectContentHtmlSupportConverter, toObjectWidgetConverter as _toObjectWidgetHtmlSupportConverter, createObjectView as _createObjectHtmlSupportView, viewToAttributeInlineConverter as _viewToAttributeInlineHtmlSupportConverter, emptyInlineModelElementToViewConverter as _emptyInlineModelElementToViewHtmlSupportConverter, attributeToViewInlineConverter as _attributeToInlineHtmlSupportConverter, viewToModelBlockAttributeConverter as _viewToModelBlockAttributeHtmlSupportConverter, modelToViewBlockAttributeConverter as _modelToViewBlockAttributeHtmlSupportConverter } from './converters.js';
 export { getDescendantElement as _getHtmlSupportDescendantElement } from './integrations/integrationutils.js';

package/src/integrations/iframe.d.ts

@@ -0,0 +1,31 @@
+/**
+ * @license Copyright (c) 2003-2026, CKSource Holding sp. z o.o. All rights reserved.
+ * For licensing, see LICENSE.md or https://ckeditor.com/legal/ckeditor-licensing-options
+ */
+import { Plugin } from 'ckeditor5/src/core.js';
+import { DataFilter } from '../datafilter.js';
+/**
+ * Provides the General HTML Support integration for `iframe` elements with a mandatory sandbox attribute.
+ */
+export declare class IframeElementSupport extends Plugin {
+    /**
+     * @inheritDoc
+     */
+    static get requires(): readonly [typeof DataFilter];
+    /**
+     * @inheritDoc
+     */
+    static get pluginName(): "IframeElementSupport";
+    /**
+     * @inheritDoc
+     */
+    static get isOfficialPlugin(): true;
+    /**
+     * @inheritDoc
+     */
+    init(): void;
+    /**
+     * Sets up the conversion to enforce the sandbox attribute on `iframe` elements.
+     */
+    private _setupSandboxConversion;
+}

package/src/integrations/iframe.js

@@ -0,0 +1,76 @@
+/**
+ * @license Copyright (c) 2003-2026, CKSource Holding sp. z o.o. All rights reserved.
+ * For licensing, see LICENSE.md or https://ckeditor.com/legal/ckeditor-licensing-options
+ */
+import { Plugin } from 'ckeditor5/src/core.js';
+import { DataFilter } from '../datafilter.js';
+/**
+ * Provides the General HTML Support integration for `iframe` elements with a mandatory sandbox attribute.
+ */
+export class IframeElementSupport extends Plugin {
+    /**
+     * @inheritDoc
+     */
+    static get requires() {
+        return [DataFilter];
+    }
+    /**
+     * @inheritDoc
+     */
+    static get pluginName() {
+        return 'IframeElementSupport';
+    }
+    /**
+     * @inheritDoc
+     */
+    static get isOfficialPlugin() {
+        return true;
+    }
+    /**
+     * @inheritDoc
+     */
+    init() {
+        this.editor.config.define('htmlSupport.htmlIframeSandbox', true);
+        this._setupSandboxConversion();
+    }
+    /**
+     * Sets up the conversion to enforce the sandbox attribute on `iframe` elements.
+     */
+    _setupSandboxConversion() {
+        const { plugins, config, conversion } = this.editor;
+        const dataFilter = plugins.get(DataFilter);
+        const iframeSandboxConfig = config.get('htmlSupport.htmlIframeSandbox');
+        if (iframeSandboxConfig === false) {
+            return;
+        }
+        const allowedSandboxFlags = Array.isArray(iframeSandboxConfig) ? Array.from(iframeSandboxConfig) : [];
+        dataFilter.on('register:iframe', (_, definition) => {
+            conversion.for('editingDowncast').add((dispatcher) => {
+                dispatcher.on(`insert:${definition.model}`, (_, data, conversionApi) => {
+                    const { mapper, writer } = conversionApi;
+                    const viewElement = mapper.toViewElement(data.item);
+                    for (const { item } of writer.createRangeOn(viewElement)) {
+                        if (!item.is('element', 'iframe')) {
+                            continue;
+                        }
+                        if (item.hasAttribute('sandbox')) {
+                            // If there is an existing sandbox attribute, read and filter out disallowed values.
+                            const sandboxValues = new Set();
+                            const existingSandbox = item.getAttribute('sandbox');
+                            for (const value of existingSandbox.trim().split(/\s+/)) {
+                                if (allowedSandboxFlags.includes(value)) {
+                                    sandboxValues.add(value);
+                                }
+                            }
+                            writer.setAttribute('sandbox', Array.from(sandboxValues).join(' '), item);
+                        }
+                        else {
+                            // If there was no existing sandbox attribute, just use the configured one.
+                            writer.setAttribute('sandbox', allowedSandboxFlags.join(' '), item);
+                        }
+                    }
+                }, { priority: 'lowest' });
+            });
+        });
+    }
+}